ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: draft-danisch-dns-rr-smtp-01.txt

2003-04-27 12:53:29
From: Scott Nelson <scott(_at_)spamwolf(_dot_)com>

...
I don't understand that.

The paper (draft-danisch-dns-rr-smtp-01.txt) advocates a method for
doing authentication of IP address as valid senders for domains.
My post suggested an improvement (IMO) to the method of 
doing authentication of IP address as valid senders for domains.

I was simply trying to make it clear that your complaint applies to
/all/ methods of authentication of IP address as valid senders for 
domains, and not just the particular method I suggested.

Oh.   Yes, my point applies to all implementations of special notion
of what I you mean by validating senders.  It does not apply to other
tactics.  For example, simply white- or blacklisting by IP address or
domain name differs.  The crux of the special notion is requiring a
relationship between the IP address of the SMTP client and the SMTP
envelope Mail_From value.


To identify mail that is very likely to be from the domain in question,
you do not need any new protocols, modifications to existing protocols,
or new conventions such as DNS RRs.  You need only compare the PTR RR
for the SMTP client with the envelope sender domain.  That comparision
won't be completely accurate, but it will be more accurate than any
new scheme.

PTR RR for the SMTP client?
Now I do not understand.

In most of the cases where this special notion makes sense or probably
ever will make sense, you can already compare the reverse DNS name of
the the IP address of the SMTP client (PTR RR) with the domain name
in the SMTP envelope Mail_From sender value.  This special notion is
hopeless, wrong, and unwanted in the cases where it is most needed,
mail with free provider sender addresses.  Comparing senders with PTR
RRs fails for some complicated or misconfigured installations other
than free providers, but works most of the time.  It has long been in
use by people who can tolerate false positive rates above 1%.


compare (as well as a user name).  Remember that bounces are supposed
to come from "<>".  See section 6.1 of RFC 2821.

Maybe we should change that.

Why?  What fraction of spam do you see comes from "<>"?  I see very little.
It's not good to change protocols just to prove you can or because
one can't think of a reason why not.

Please consider reasons why "<>" might have been chosen instead of
something like "<mailer_daemon(_at_)example(_dot_)com>".  One possibility that
occurs to me is that it a bounce must always have a valid address no
matter what the receiver thinks.  If there is any room for the receiver
to think that the sender of a bounce is bogus, then there can be
double, triple, and infinite bounces.  Given the need for a sender
address that is always valid (including should never be filtered), it
doesn't matter much whether it is "<>" or "<Mailer-daemon>" or anything
else, except that "<>" is shortest.


That's one of the purposes of this group isn't? -
 To suggest changes to SMTP that would make it more resistant to spam?

I have the distinct impression that many contributors to this mailing
list see its purpose as making changes to SMTP desite nitpicking
considerations such as reducing spam.  I don't intend to attack you
or anyone else in particular.  I'm weary of the continuing demands
(not just suggestions) that SMTP be changed or replaced based on
reasoning that is best described as "why not?" The many proposals to
authenticate or validate senders have this problem in spades.  They
are advanced without any measurements of how much spam they might
prevent but only the intuition of their advocates that the changes
would surely be wonderful.  Worse, the talk of validating senders,
challenging responses, and so forth seem to be instead of consideration
of the nominal work items of the mailing list.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg