
RE: [Asrg] whitelisting server and not users

2003-04-02 12:24:06


On Wed, 2 Apr 2003, Eric D. Williams wrote:

The very first message to this list suggested such a scheme.

https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00001.html

I have heard it referred to in subsequent threads, and among other proposals 
and analysis I have read, it does seem to be a promising one if it meets the 
ultimately developed requirements.  The proposal for an 'RMX' RR was presented 
as an interim or incremental solution to the issue you refer to.  I wonder if 
the author of the proposal is still participating, Hadmut you there?

-e

To be fair to Markus, while there is a hazy relationship between his 
scheme and Hadmut's, they are fundamentally different because Hadmut
wants to authorize the envelope from address and Markus the connection
IP. I don't believe many of the objections to validating the envelope 
from address (mailing lists, forwarding, etc.) apply to validating the
IP connection address. 

Markus's scheme gives to the DNS owner the authority to authorize or
disallow mail from a server whose primary host name is in its delegated
space. This seems perfectly reasonable to me, especially since it is
optional for recipients to observe the authorization or not, and 
would require no new protocols or even much coordination. 

People who wanted to send mail, but whose machines were registered
in domains whose owners didn't want them to would complain. I 
wouldn't think that was decisive, though. They could forward 
through a valid machine, or take their chances with filters. 


On Wednesday, April 02, 2003 11:27 AM, Markus Stumpf 
[SMTP:maex-lists-spam-ietf-asrg(_at_)Space(_dot_)Net] wrote:
I don't know if this has been discussed here before. All the whitelisting
discussion I have seen so far was verifying the existence of users.

From what I see from my logs by far the most percentage of spam is from
hosts that are either on dynamic addresses or e.g. the unsecured
workstation of someone in a company that all get abused, either by
having a "not known about" mailserver or proxy server or ...

IMHO a fast and easy to implement strategy would be not to accept
SMTP connections from hosts that haven't clearly marked themselves
"I am an outgoing MAIL Server".
Such marking can be easily done in DNS in the in-addr.arpa zone either
by e.g. setting a TXT record (preferably with an abuse contact) or an MX
record (either an MX record at all or one with a special prio).

This is better than any DNSBL list, because most reverse zones are
maintained at the ISPs and they should probably know what they are
doing.

This setup is easy, cheap, easily deployable for the senders and the
recipients (existing DNSBL modules need only minor tweaking). Transition
is easy, also, one could use the information to add RFC 2822 Headers
on the existence/absence of those records for use with e.g. SpamAssassin.
Classification is easy, also: you want spam you don't look at these
records, you don't want spam you do.

I know this is not a solution to eliminate spam in total, but it might be
one to eliminate large amounts of it.
Also if an ISP adds one of those records one could set up legal mumbo
jumbo and the customer can't say "it was a newly setup system and we
didn't know it has a mailserver running".

    \Maex

--
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
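The receiver-side check Markus sketches, as an added example that is not code from the list or from either author: build the in-addr.arpa name for the connecting IPv4 address, look for a marker TXT record (with an abuse contact) or an MX record there, and turn the result into a policy decision plus a header value for a downstream filter. The TXT syntax `v=outgoing-mailserver; abuse=...`, the header name, and the sample reverse-zone data are all constructed assumptions; the proposal specifies no record format.

```python
import ipaddress
from typing import Callable, Dict, List

# Constructed stand-in for real in-addr.arpa answers (owner name -> records by type).
# 10.0.2.25 is a marked outgoing server; 172.16.0.200 is an unmarked dynamic host.
SAMPLE_REVERSE_ZONE: Dict[str, Dict[str, List[str]]] = {
    "25.2.0.10.in-addr.arpa.": {
        "TXT": ["v=outgoing-mailserver; abuse=abuse@isp.example"],
        "MX": ["10 mail.isp.example."],
    },
    "200.0.16.172.in-addr.arpa.": {"PTR": ["dsl-200.dyn.isp.example."]},
}

def reverse_name(ip: str) -> str:
    """Owner name under in-addr.arpa for an IPv4 address: octets in reverse order."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def lookup_sample(name: str, rtype: str) -> List[str]:
    """Resolver stub over the constructed zone; a deployment would query DNS here."""
    return SAMPLE_REVERSE_ZONE.get(name, {}).get(rtype, [])

def parse_marker(txt: str) -> Dict[str, str]:
    """Parse the assumed 'key=value; key=value' TXT syntax into a dict."""
    fields: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def classify_sender(ip: str, lookup: Callable[[str, str], List[str]] = lookup_sample) -> dict:
    """Decide whether the connecting host has marked itself as an outgoing mail server."""
    name = reverse_name(ip)
    markers = [parse_marker(t) for t in lookup(name, "TXT")]
    markers = [m for m in markers if m.get("v") == "outgoing-mailserver"]
    has_mx = bool(lookup(name, "MX"))
    marked = bool(markers) or has_mx
    abuse = next((m["abuse"] for m in markers if "abuse" in m), None)
    # Policy: marked hosts are accepted; unmarked ones are left to content filters,
    # and the header (assumed name) carries the result for e.g. SpamAssassin.
    return {
        "reverse_name": name,
        "marked": marked,
        "abuse_contact": abuse,
        "policy": "accept" if marked else "defer-to-filters",
        "header": "X-Outgoing-Marker: " + ("present" if marked else "absent")
                  + (f" (abuse={abuse})" if abuse else ""),
    }
```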