ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: draft-danisch-dns-rr-smtp-01.txt

2003-04-26 22:52:03
from [Vernon Schryver] [Permanent Link] 
From: Scott Nelson <scott(_at_)spamwolf(_dot_)com>



...
Recognize that the goal for the receiver isn't to find all the 
valid IP's for a domain, but rather just the one they are receiving
email from.  To answer the question "is IP a.b.c.d an authorized 
IP for example.com?", the receiver could check 
d.c.b.a.rmx.example.com.
...


The problem with that is that Hotmail, Yahoo, and most of the rest of
the owners of the domain names that appear in SMTP Mail_From senders
in the majority of spam instruct their DNS servers to always answer
"yes, a.b.c.d authorized" for any and all IP addresses.

As far as I can tell almost all free mail providers not only
allow but encourage their users to send their mail using the
ISPs that provide connectivity.  They do this for several reasons:

  - It is cheaper for the free mail providers to let someone else
     provide the bandwidth, CPU cycles, and so forth to send mail.

  - Many free mail provider users cannot send mail through their free
     providers, because their connectivity providers block port 25.

  - Many free provider users want to use free mail boxes only as
     "drop-boxes."  They want to send mail from systems they are
     comfortable with or forced to use (e.g. by port 25 filtering),
     but receive mail elsewhere for various reasons including not
     exposing their professional affliations and reducing spam in
     their main mailboxes.

Various forms of roaming including using your laptop in airports and
varying IP addresses provided with DHCP or IPCP to dialup, DSL, and
cable modems make it impractical for free providers to know their
customers well enough to know which IP addresses each will use.  Virtuous
free providers could know their customers well enough to prevent spam
by requiring performance bonds such as credit card numbers, but even
good customers can't know what IP addresses they'll be using tomorrow.

Thus, free providers that did not teach their DNS servers to always
answer your question "Sure, that address is authorized" would have
many fewer users.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] A New Plan for No Spam / DNSBLS, Steven F Siirila
Next by Date:  Re: [Asrg] A New Plan for No Spam / DNSBLS, Larry Marks
Previous by Thread:  [Asrg] Re: draft-danisch-dns-rr-smtp-01.txt, Scott Nelson
Next by Thread:  Re: [Asrg] Re: draft-danisch-dns-rr-smtp-01.txt, Justin Mason
Indexes:  [Date] [Thread] [Top] [All Lists]