ietf-asrg

Re: [Asrg] whitelisting server and not users

2003-04-02 12:09:45
On Wed, Apr 02, 2003 at 07:34:34AM -0800, william(_at_)elan(_dot_)net wrote:
> It does not because of multiple problems like breaking mailing lists and
> forwarders and roaming users, only looking for envelope from (while most
> users see header from and it can still be forged, etc). Here are
> links about this (and similar) proposal that I gathered so far:

Maybe I didn't make it clear in my first post in this thread, but sorry,
I can't
a) see the problems described above
b) see how the proposals in the list you provided relate to my proposal

What I am proposing is:
    mail.space.net      IN      A       195.30.0.8
we would like other mailservers to accept mail from mail.space.net and
indicate that by adding
    8.0.30.195.in-addr.arpa     IN      TXT     "abuse(_at_)space(_dot_)net"

If we contact another mailserver this mailserver would
- test if there is a TXT record for 8.0.30.195.in-addr.arpa
   i)  if there is -> fine
   ii) if there isn't
       1) accept the email anyway but flag the email as "no RR TXT"
       2) wait for an SMTP AUTH
          a) if there is, it's a valid (roaming) user, accept,
             probably add some authorisation information. (We currently
             add "SMTP AUTH verified <maex(_at_)space(_dot_)net>" which
             allows us to track abusers very easily.)
          b) if there isn't, reject the eMail with an appropriate error
             to the RCPT TO command (either permanent or temporary in
             case of experienced DNS problems (TIMEOUT, SERVFAIL))

Please note that this in no way does any verification of EMAIL ADDRESSES.
It just checks whether the maintainer of the in-addr.arpa zone acknowledges
that the IP address the connection comes from is supposed to be a mailserver.

Using TXT records (e.g. MX will do also) has the big advantage that one
doesn't need another RFC to define a new record type or other
implementation work (add the new record type to DNS servers, to zone
management tools, ...). Deployment could be *very* fast at minimal cost.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
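
The receiving-side check proposed in the message above, as an added example (not code from the post or from SpaceNet). Assumptions: options 1) and 2) are read as alternative receiver policies selected by the hypothetical `flag_only` switch, DNS is replaced by an offline stub, and the names `check_client`, `sample_lookup_txt` and `DNSTempFail` are invented for illustration.

```python
import ipaddress

class DNSTempFail(Exception):
    """Hypothetical stand-in for a resolver TIMEOUT or SERVFAIL."""

# Constructed zone data. The first record is the one from the post, with the
# address kept in the archive's obfuscated form.
SAMPLE_ZONE = {"8.0.30.195.in-addr.arpa": ["abuse(_at_)space(_dot_)net"]}
BROKEN = {"1.2.0.192.in-addr.arpa"}  # constructed: lookups here fail

def sample_lookup_txt(name):
    """Offline resolver stub: TXT strings, [] if none, or raises DNSTempFail."""
    if name in BROKEN:
        raise DNSTempFail(name)
    return SAMPLE_ZONE.get(name, [])

def check_client(ip, authenticated, lookup_txt=sample_lookup_txt, flag_only=False):
    """Return (action, note) for a connecting client IP.

    action is 'accept', 'reject-perm' or 'reject-temp'. The post applies a
    rejection in reply to RCPT TO, after the client had a chance to AUTH.
    No e-mail address is verified anywhere in this check.
    """
    name = ipaddress.ip_address(ip).reverse_pointer  # e.g. 8.0.30.195.in-addr.arpa
    try:
        records, dns_ok = lookup_txt(name), True
    except DNSTempFail:
        records, dns_ok = [], False
    if records:           # case i: the zone maintainer vouches for this IP
        return "accept", "RR TXT " + records[0]
    if authenticated:     # case ii.2.a: roaming user who passed SMTP AUTH
        return "accept", "SMTP AUTH verified"
    if flag_only:         # case ii.1: accept anyway, but mark the message
        return "accept", "no RR TXT"
    if not dns_ok:        # case ii.2.b with DNS trouble: sender should retry
        return "reject-temp", "DNS lookup failed for " + name
    return "reject-perm", "no TXT record at " + name   # case ii.2.b

if __name__ == "__main__":
    for ip, auth in [("195.30.0.8", False), ("198.51.100.7", True),
                     ("198.51.100.7", False), ("192.0.2.1", False)]:
        print(ip, auth, check_client(ip, auth))
```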