ietf-asrg

RE: [Asrg] seeking comments on new RMX article

2003-05-07 12:03:11
Vernon Schryver wrote:

> The RMX check as I understand it is intended to ask the people who own
> the envelope sender domain name if the IP address of the SMTP client is
> authorized to send mail with that sender name.  If the HELO value matches
> the sender name, and if one of the IP addresses of the HELO value is that
> of the SMTP client, then the SMTP client is authorized.

So you are implying an SMTP protocol change: the HELO line must specify a
domain name. If you are going to assume changes like that in your replies to
other people's proposals, let's see your properly worked out proposal
containing all such changes.

When you write it up (if ever) please remember to note that an MTA acting as
sender for several domains would have to terminate its connection and
reconnect with a new HELO each time a mail item isn't from the same domain
as the previous item - this may be a significant operational change for some
providers. (I wonder why Postel took this particular <host> parameter of
helo out when he upgraded RFC788 to RFC821. Could it have been to cater for
MTAs serving multiple domains, I wonder?)

> The reason to check reverse DNS name is to cover the case when the
> SMTP client is authorized to send mail for more than one domain name.

Some MTAs will need (tens of) thousands of rDNS answers - quite a big DNS
transaction to get all those back (unless of course you are proposing that
no host can act as outgoing MTA for more than one domain - now that would
cause quite an upheaval, probably do more economic damage than all the
spammers in the world).

Even then, it just doesn't work: the MTA you see is the ISP's outbound MTA
(many ISPs block port 25, of course, so their users have to relay through
the ISP's outbound MTA), not the originator's mail client machine, and the
originator's mail client machine will not have the same domain name as that
MTA (unless of course part of your proposal is to allow lots of hosts owned
by lots of different organisations all to have the same domain name instead
of having domain names connected with the organisations, which is rather a
big change to the internet as we currently understand it). Maybe you think
that you can adapt your idea to use MX records - but I have news for you
buddy, outbound MTAs are often not inbound MTAs so they won't have MX
records.

To me, what you are describing is a half-baked attempt to do what rMX would
do by using mechanisms that are just not capable of doing it.

Tom
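As an added illustration (not code from this thread, nor from any RMX implementation), here is a toy Python version of the check as Vernon describes it, the HELO rule first and the reverse-DNS rule as fallback, run against constructed DNS data; it shows the ISP-outbound-relay case Tom raises failing the check. All host names, addresses and records below are made up.

```python
import ipaddress

# Constructed DNS data (this example never queries real DNS).
A_RECORDS = {
    "mail.example.org": {"192.0.2.10"},          # example.org's own outbound MTA
    "smtp-out.isp.example": {"198.51.100.5"},    # an ISP relay used by many customer domains
}
PTR_RECORDS = {"192.0.2.10": "mail.example.org", "198.51.100.5": "smtp-out.isp.example"}

def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it (case-insensitive)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def forward_confirmed(name, client_ip):
    """Does one of name's A records point back at the connecting client?"""
    return client_ip in A_RECORDS.get(name.lower().rstrip("."), set())

def rmx_check(sender_domain, helo, client_ip):
    """Return (authorized, reason): HELO rule first, then the rDNS fallback."""
    # Rule 1: HELO must be a host name inside the sender domain that resolves to the client.
    try:
        ipaddress.ip_address(helo.strip("[]"))
        helo_is_name = False          # an address literal carries no domain to match
    except ValueError:
        helo_is_name = "." in helo    # a bare label such as "localhost" names no domain
    if helo_is_name and in_domain(helo, sender_domain) and forward_confirmed(helo, client_ip):
        return True, "HELO name is inside the sender domain and resolves to the client"
    # Rule 2: reverse name of the client, forward-confirmed, inside the sender domain.
    ptr = PTR_RECORDS.get(client_ip)
    if ptr and in_domain(ptr, sender_domain) and forward_confirmed(ptr, client_ip):
        return True, "rDNS name is inside the sender domain and forward-confirmed"
    return False, "neither HELO nor rDNS ties this client to the sender domain"

# Constructed cases: direct send, the ISP relay Tom describes, an address-literal HELO,
# and a client that claims example.org's HELO from an address the domain never published.
CASES = [
    ("example.org", "mail.example.org", "192.0.2.10"),
    ("example.org", "smtp-out.isp.example", "198.51.100.5"),
    ("example.org", "[192.0.2.10]", "192.0.2.10"),
    ("example.org", "mail.example.org", "203.0.113.7"),
]

if __name__ == "__main__":
    for sender_domain, helo, client_ip in CASES:
        ok, why = rmx_check(sender_domain, helo, client_ip)
        print(f"{sender_domain:12} HELO {helo:22} from {client_ip:14} -> {ok}: {why}")
```

The second case is the one the reply objects to: mail for example.org relayed through the ISP's outbound MTA fails both rules, because neither that host's HELO nor its reverse name lives under example.org.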



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg