KH> The idea behind RMX can be implemented without changes to DNS, however.
KH> For example, via MX records, as already mentioned, or via some specially
KH> coded A record (see http://www.bondedsender.org/#dns-info).
Ken,
If I'm understanding the article at this link correctly, the way bonded
sender works is to certify certain IP addresses as non-spammer, and
then to provide a mechanism to report violations--in which case, the
"bonded" status of the sender's IP address is revoked.
This is not the idea behind RMX at all! In particular, the presence of
RMX records does not imply that a domain is not spamming--only that the
messages you have received "from" it are not forged. Also, RMX does not
require a trusted third party, and has finer granularity (by domain
name, not by IP address). Please see Hadmut's draft or my page (link at
bottom) for more details.
RMX is designed to be an anti-forgery device, not an anti-spam device.
However, removing the ability to make email appear to come from a
trusted (or otherwise unlikely-to-be-blacklisted) source would remove
one of the spammers' more potent obfuscation weapons, and therefore make
spam easier to detect and filter.
If you'd like to discuss the bonded-sender concept further, or if I've
messed it up, please let me know.
KH> 2. Too many control points. There are just too many domain names and too
KH> many domain name servers for the presence of an RMX record to mean much.
KH> Yes, it reduces the forged header problem, but it's just too easy to set up
KH> your own domain name server that it will mean little in the way of
KH> controlling spam.
This is not really a limitation. Does it make more sense in the context
I've just described?
KH> 3. What do you do when there is no RMX record?
KH> My proposal, for _any_ authentication scheme, is to bridge the gap with a
KH> "mandatory" challenge-response system. If you disagree with that, what is
KH> your proposal for how mail from non-RMX systems should be handled?
Actually, my article explains RMX as a three-way handshake--that is, a
challenge-response. See:
http://www.mikerubel.org/computers/rmx_records/#dns
or read the whole article at:
http://www.mikerubel.org/computers/rmx_records/
Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg