William,
Thanks. I agree that the proposal presents a number of difficulties and
technical challenges, specifically with breaking legacy systems (maillists) I
am not so sure that these can not be overcome with some a additional analysis
(e.g. additional research into how many vectors for verification are available
to the receiving MTA: helo/ehlo, mail from, 822-header information, forward
chaining) that may use a combination of approaches. Still, an interesting
approach IMHO. Thanks for the pointers. BTW, was a consensus check done on
that approach, just curious (since you seem to be the link master :-)
-e
On Wednesday, April 02, 2003 10:35 AM, william(_at_)elan(_dot_)net
[SMTP:william(_at_)elan(_dot_)net]
wrote:
It does not because of multiple problems like breaking mailing lists and
forwarders and roaming users, only looking for enevelope from (while most
users see header from and it can still be forged, etc). Here are
links about this (and similar) proposal that I gathered so far:
DNS Based source domain verifications
Proposals:
RMX proposal by Hadmut Danisch-
http://www.ietf.org/internet-drafts/draft-danisch-dns-rr-smtp-00.txt
Designated Sender proposal by G. Fecyk -
http://www.pan-am.ca/draft-ietf-asrg-dsprotocol-00.txt
Repudiating MAIL FROM by Paul Vixie
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00627.html
Domain Specific DNS blacklists:
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00686.html
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00742.html
Objections, Discussions:
DNS Security Problems:
http://www.securityfocus.com/guest/17905
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00665.html
Incompatibilities with current mail system (maillist problems, etc):
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00025.html
https://www1.ietf.org/mail-archive/working-
groups/asrg/current/msg00541.html
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00700.html
https://www1.ietf.org/mail-archive/working-
groups/asrg/current/msg00762.html
On Wed, 2 Apr 2003, Eric D. Williams wrote:
The very first message to this list suggested such a scheme.
https://www1.ietf.org/mail-archive/working-
groups/asrg/current/msg00001.html
I have heard it referred to in subsequent threads, and among other
proposals
and analysis I have read, it does seem to be a promising if it meets the
ultimately developed requirements. The proposal for an 'RMX' RR was
presented
as an interim or incremental solution to the issue you refer to. I wonder
if
the author of the proposal is still participating, Hadmut you there?
-e
On Wednesday, April 02, 2003 11:27 AM, Markus Stumpf
[SMTP:maex-lists-spam-ietf-asrg(_at_)Space(_dot_)Net] wrote:
I don't know if this has been discussed here before. All the whitelisting
discussion I have seen so far was verifying the existance of users.
From what I see from my logs by far the most percentage of spam is from
hosts that are either on dynamic addresses or e.g. the unsecured
workstation of someone in a company that all get abused, either by
having a "not known about" mailserver or proxy server or ...
IMHO a fast and easy to implement strategy would be not to accept
SMTP connections from hosts that haven't clearly marked themselves
"I am a outgoing MAIL Server".
Such marking can be easily done in DNS in the in-addr.arpa zone either
by e.g. setting a TXT record (preferable with a abuse contact) or a MX
record (either a MX record at all or one with a special prio).
This is better than any DNSBL list, because most reverse zones are
maintained at the ISPs and they should probably know what they are
doing.
This setup is easy, cheap, easily deployable for the senders and the
recipients (existing DNSBL modules need only minor tweaking). Transition
is easy, also, one could use the information to add RFC 2822 Headers
on the existance/absence of those records for use with e.g. spamassasin.
Classification is easy, also: you want spam you don't look at these
records, you don't want spam you do.
I know this is not a solution to eliminate spam in total, but it might be
one to eliminate large amounts of it.
Also if an ISP adds one of those records one could set up legal mumbo
jumbo and the customer can't say "it was a newly setup system and we
didn't know it has a mailserver running".
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89)
32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-
299
"The security, stability and reliability of a computer system is
reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg