On Sun, 4 May 2003 13:27:23 -0700 (PDT)
Mike Rubel <asrg(_at_)mikerubel(_dot_)org> wrote:
I'm in exactly the same boat here--multiple accounts on different
machines without outbound smarthosts.
I'm in a slightly different position to that: multiple accounts on the
same machine. Umm, actually its slightly worse than that thru
repetition.
This is not an insurmountable problem, though. When the administrator
of a system decides to implement RMX records, he will need to provide
SMTP-AUTH or VPN or even a port-25 ssh tunnel. Many (most?) sites
already do something like this, but it's only fair to factor it into
the work involved in implementing the RMX approach. I have added a
note to that effect at the bottom of the page:
An additional cost there is MTA configuration, a non-trivial problem.
Consider the case of someone with multiple accounts etc, using a
non-SMTP based MUA, an MUA which uses localhost SMTP only, or even more
simply, an MUA which doesn't support multiple configurations for
outbound smarthost. In any/all of those cases support is required from
the localhost MTA -- which in the general case can be assumed to not be
available.
Even with this cost factored in, however, I still believe that the RMX
solution is far better (smaller effort required to implement and fewer
things broken) than any other solution I have seen to the email
forgery problem.
I've a fondness for forward signed Received: headers, but that attacks a
different aspect of the forgery problem.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw(_at_)kanga(_dot_)nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg