Hadmut,
HD> On Tue, May 06, 2003 at 10:38:59AM -0700, Dave Crocker wrote:
However, the belief that it would have been useful under those
circumstances is based on the view that the administrator of the
timesharing system was independent of the person running the
applications AND that administrator could be expected to be trustworthy.
And therein lies the same, serious problem with RMX.
HD> Huh? I can't follow you, I don't understand what you're trying to say.
HD> Please elaborate.
Ident asks the owner (root) of the associated IP address for some
identification information and assumes that the requestor then knows
something that is both accurate and important. The assumption is
incorrect, possibly on both counts.
RMX asks the owner of the domain about a purported relationship to some
other domain, and assumes that is is both accurate and important.
Again, it is incorrect, possibly on both counts.
Does use of RMX mean that the sending MTA has authorized the From field
domain name? Perhaps.
But a rogue spammer who owns an MTA is free to list whatever other
domain names it wants in the RMX. So nasty-spammer.com is free to have
an RMX entry for aol.com.
And, by the way, we have not achieved much, even if we make all the From
fields be accurate. We still get spam.
d/
--
Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
Brandenburg InternetWorking <http://www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg