"Ken Hirsch" <kenhirsch(_at_)myself(_dot_)com> wrote:
The idea behind RMX can be implemented without changes to DNS, however. For
example, via MX records, as already mentioned,
Which overloads the meaning of MX records.
There is currently no requirement that originating MTA's for a
domain are the same as recipient MTA's for that domain. Many systems
have them on different machines.
RMX permits such behaviour to continue. Overloading MX records
forbids that behaviour.
2. Too many control points. There are just too many domain names and too
many domain name servers for the presence of an RMX record to mean much.
Yes, it reduces the forged header problem, but it's just too easy to set up
your own domain name server that it will mean little in the way of
controlling spam.
It's one more hoop that spammers have to jump through before they
can send spam. It's one more way of tracing spammers, once they have
sent spam.
3. What do you do when there is no RMX record?
This question has already been answered multiple times.
My proposal, for _any_ authentication scheme, is to bridge the gap with a
"mandatory" challenge-response system. If you disagree with that, what is
your proposal for how mail from non-RMX systems should be handled.
The answer is "no worse, and no better, than it is today."
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg