From: Mike Rubel <asrg(_at_)mikerubel(_dot_)org>
...
Do dialup or traveling users run their own MTA's over the dialup line?
Nope--they have remote, permanent servers, which they access via POP or
IMAP. Somewhere, somehow, they rely on machines that are listening
24/7. I have such a machine myself. Call it "BBS-style" if you like,
but it's a present-day fact.
That is a common mode, but not the only one. Some travelers and
certainly some diaup users run MTAs over dialup lines.
...
Nobody's outlawing anything. If Hotmail wants people to stop forging
their name on mail, then yes, they need to make sure that remote users
send via their mail servers.
Perhaps my use of "outlaw" was a bad choice. I meant "practically
prohibit" instead of anything about laws. Isn't the intent of the
RMX proposal to practically prohibit using a domain name other that
of the reverse DNS name or a few other special cases?
Your use of "forge" is clearly a bad choice. "Forgery" is about
fraud. See http://www.m-w.com/cgi-bin/dictionary?va=forgery
While some uses of Hotmail sender addresses are "forged," a substantial
number, even in spam, are not. It is not "forgery" to use one of your
Hotmail mailboxes as a sender value no matter from where you send the
message.
They have a wide variety of commonly-used
avenues for implementing this. Their webmail users don't have to change
anything. If hotmail admins still want people to be able to send
hotmail from other machines, they can provide smtp-auth service. How
does this become a problem?
In practice, I think it would be impossible for Hotmail to provide
SMTP-AUTH. First is that the problems of managing the authenticating
shared secrets for millions of users with an incredibly high "churn"
rate would be killers. Second, many Hotmail users could not use
SMTP-AUTH because SMTP-AUTH uses port 25 which is more commonly filtered
for users likely to pick a free provider than others.
Yes, when port 25 is filtered, running your own out-going MTA also
doesn't work, There is also SUBMIT which uses port 587.
VS> Another common case involves people traveling. If you plug your laptop
VS> into the network of a hotel or one of your consulting clients, you
VS> might prefer to use an envelope and From header address at your home
VS> systems instead of room1234(_at_)losangeles(_dot_)merriot(_dot_)com or
guest(_at_)example(_dot_)com(_dot_)
So they send the mail through their own office's mail servers. Again,
no problem.
That's a problem or not depending on how they normally send mail.
...
Hotmail has a strong incentive to adopt RMX records--it would give them
the ability to prevent spammers to send mail claiming to come from
hotmail.com. Which means potential recipients of hotmail.com mail would
stop thinking they're the source of all the world's spam.
How do you know that incentive is strong for Hotmail? How do you know
it is stronger than the prospect of driving away at least some users?
I tend to disagree with the implication that having RMX would drive away
any significant number of hotmail users. Most of them simply access the
webmail interface; since hotmail does not forward, they need to use it to
read their email anyway.
Most of the people I know who use Hotmail return addresses do not
use Hotmail's systems to send mail.
- it assumes that you can't already decide to accept mail with Hotmail
sender addresses only if it comes from a Hotmail SMTP client. In
fact it is common to check that the source of Hotmail mail is
Hotmail.
Sure, you can search on the web to find what hotmail.com's outgoing mail
servers are, and set up special filters on your system to only accept mail
from hotmail.com provided it arrives from one of those. The system works
for hotmail.com--and only hotmail.com--until they change the IP addresses
of their mail servers, at which time they seem unlikely to inform you.
That is wrong. The common procedure has nothing to do with web
searching but is comparing the reverse DNS name of the STMP client
with the envelope sender domain. That works for many and probably
most major free providers as a sort of self-fullfilling prophecy.
Many people who might use the RMX have imposed this check on mail from
major free providers for many years.
Why not just use RMX, which automates all of this?
Because the reverse DNS check already automates it?
...
- if you want to mark systems that follow Paul's convention so that
you know which don't, you could pick a large MX preference that
its extremely unlikely to be used for anything today. For
example, I bet that among the millions of MX RRs today, none
has the preference 65391.
This is a reasonable alternative, but isn't it simpler to post RMX records
instead? Rather than introducing a new special case in an existing RR,
you introduce an RR for that purpose.
That seems clear and unambiguous, but I can't believe I understand it.
Do you really mean to claim that creating a new RR type is not vastly
more difficult than special casing an unused MX preference but easier?
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg