Dear all,
This certainly has been a lively discussion.
I learned a few things, and added some notes to the page at:
http://www.mikerubel.org/computers/rmx_records/
But at this point, I continue to stand by RMX records. The objections
raised thus far haven't convinced me--basically that because RMX records
won't single-handedly end spam overnight, they aren't useful.
This argument seems to stem from a misunderstanding of the intent.
RMX gives senders a mechanism to prevent others from credibly
misappropriating their names, and it does so at minimal implementation
cost--especially to recipients (I hope that "use_rmx" will become a single
configuration flag in MTAs, on by default). It doesn't introduce any new
protocols or break the vast majority of existing installations (I suppose
there will always be some, but even the most vehement critic must concede
that RMX is remarkably non-disruptive given its potential utility).
In some cases, organizations wishing to implement RMX will need to make
changes to accommodate their traveling or remote members, so that those
members are able to send mail via the official mail servers. A wide
variety of common techniques (SMTP-AUTH, VPN, stunnel, webmail) are
already available and widely used specifically for this purpose, and
organizations will be free to make the changes on their own schedules and
terms.
Domains employing RMX will have shown an intent to be good netizens, and
their mail will be held to a higher spam-probability threshold than
non-RMX domains. Forged email claiming to come from an RMX-protected
domain will be held to a very low spam-probability threshold--perhaps even
zero (automatic discard). In this way, RMX will give useful information
to help filters distinguish spam from ham, and will become more useful as
it becomes more prevalent.
I sincerely appreciate everyone's input.
Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg