ietf-asrg

Re: [Asrg] Problems with RMX

2003-05-06 14:03:09
From: "Michael Rubel" <asrg(_at_)mikerubel(_dot_)org>
KH> The idea behind RMX can be implemented without changes to DNS, however.
KH> For example, via MX records, as already mentioned, or via some specially
KH> coded A record (see http://www.bondedsender.org/#dns-info).

Ken,

If I'm understanding the article at this link correctly, the way bonded
sender works is to certify certain IP addresses as non-spammer, and
then to provide a mechanism to report violations--in which case, the
"bonded" status of the sender's IP address is revoked.

This is not the idea behind RMX at all!  In particular, the presence of
RMX records does not imply that a domain is not spamming--only that the
messages you have received "from" it are not forged.

Yes, I understand that the meaning of the RMX record is different.  My
only point is that you can accomplish the same purpose without having to
invent a new resource record type.  All you need is a convention about
the meaning of the records.

[...]
2. Too many control points.  There are just too many domain names and too
many domain name servers for the presence of an RMX record to mean much.
Yes, it reduces the forged header problem, but it's just too easy to set up
your own domain name server that it will mean little in the way of
controlling spam.

This is not really a limitation.  Does it make more sense in the context
I've just described?

I understand it.  I just think that it has very little worth because of
that.


3. What do you do when there is no RMX record?

My proposal, for _any_ authentication scheme, is to bridge the gap with a
"mandatory" challenge-response system.  If you disagree with that, what is
your proposal for how mail from non-RMX systems should be handled.

Actually, my article explains RMX as a three-way handshake--that is, a
challenge-response.  See:

That's fine, but you still need to say what should happen when there is
no RMX record.  Since deployment could take many years, this is
important.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
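
Added example, not part of the original messages or of any RMX specification: a receiving-side check with the three outcomes the thread discusses (sender listed, sender not listed, no record published and therefore challenge-response). The lookup table, its domain-to-networks convention, the function names and the treatment of an unparseable sender are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data standing in for DNS lookups. Mapping a domain to
# its permitted sending networks is a hypothetical convention chosen for this
# example; it is not the RMX record format.
AUTHORIZED_SENDERS = {
    "example.org": ["192.0.2.0/28", "2001:db8:10::/48"],
    "example.net": [],  # publishes a record but authorizes no hosts
}

ACCEPT, REJECT, CHALLENGE = "accept", "reject", "challenge"


def lookup_authorized(domain, table=AUTHORIZED_SENDERS):
    """Return the published networks for domain, or None if nothing is published."""
    return table.get(domain.lower().rstrip("."))


def check_sender(mail_from, client_ip, table=AUTHORIZED_SENDERS):
    """Decide how to treat a message from its envelope sender and peer IP.

    ACCEPT    - the peer is listed, so the sender domain is not forged
                (this says nothing about whether the message is spam)
    REJECT    - the domain publishes a list and the peer is not on it
    CHALLENGE - nothing is published, or the sender cannot be parsed
                (assumption): fall back to challenge-response
    """
    local, sep, domain = mail_from.rpartition("@")
    if not sep or not local or not domain:
        return CHALLENGE
    networks = lookup_authorized(domain, table)
    if networks is None:
        return CHALLENGE
    ip = ipaddress.ip_address(client_ip)
    for net in networks:
        network = ipaddress.ip_network(net)
        # Compare only within the same address family.
        if ip.version == network.version and ip in network:
            return ACCEPT
    return REJECT
```
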
