ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] RMX evaluation (was RE: Is there anything good enough? - Spoofing stats)

2003-05-08 09:21:40
from [Paul Judge] [Permanent Link] 

This is a clear list of arguments against RMX. To move this conversation
forward in a meaningful way, let's do a few things:

Vernon, can you post Vixie's suggestions that you referring to so that
everyone is aware of them. Can you also explain in more detail the
difference between those and RMX to show why you say that it is simpler.

Hadmut and/or Mike, please read the other links that Vernon provided "
http://www.google.com/search?q=match+sender+domain+hotmail and
http://www.monkeys.com/anti-spam/filtering/additions.html";  and provide a
comparison between those and RMX?

Paul
 

No, I don't approve of RMX.  I believe
  - it is redundant and unnecessary because existing 
mechanisms achieve
     can stop mail from free providers that does not come from each
     provider's MTAs.
  - there are simpler, already largely deployed ways to do exactly
     what RMX does without a new RR, including Paul Vixie's 
suggestions. 
  - the new RMX RR will never be seriously considered in the DNS WG.
  - if by some fluke that happens it will never pass Last 
Call in a DNS WRK.
  - if everyone is asleep there, it won't pass IESG review or 
main list
     Last Call.
  - if it does get standardized, it will not be widely 
implemented in MTAs.
  - it will not be installed by the organizations you need to install
     it, including Hotmail, AOL, and Microsoft, because they will not
     change their business models.

I'm beginning to get the impression that RMX proponents are 
egregiously unaware of how SMTP works and is commonly used.  
Contrary to statements from RMX propoents, current standards 
and practices support rejecting mail from a free provider 
that does not come from the free provider's MTAs.  Many MTAs 
have been doing exactly that for years.  For example, see the 
pages found by 
http://www.google.com/search?q=match+sender+domain+hotmail 
including http://www.monkeys.com/anti-spam/filtering/additions.html



You're expending an awful lot of energy trying to break down the 
process but
you are an advocate of something much more anti-standards 

and intrusive.  

Using existing standards is less "anti-standards" and less 
intrusive than demanding other people do things including 
change their business models and demanding changes to 
standards such as DNS.  The current standards and practices 
already support rejecting free provider mail that does not 
come from the free provider's MTAs.  (I'm repeating myself 
because repetitions in previous messages were apparently unclear.)

I think resisting standards changes that are based on willful 
ignorance of existing standards and current practices is 
required to keep the IETF process from breaking down completely.



Instead of blocking the spammers from using those domains you block 
everyone.


As I've said many times over the years including this list, I 
think free providers are parasites on the Internet because of 
how they handle network abuse.  I do not expect you or other 
ASRG contributors to share this extreme view and I certainly 
do not expec the free providers to change.  I do not block 
all users using those domains, but only almost all.  My free 
provider blacklist has a handful of whitelist holes.



...I think demanding that free providers
change to fit my model of how they should run their businesses to 
suit my convenience would be wrong.


Then why are you doing it?  Why are you saying "you can't have free 
e-mail or
I won't accept your messages"?  You are absolutely telling 

them how to run 

their business if they want to send you mail.


Yes, but only if they want to send me mail.  Contrary to you 
model, they are free to send each other mail that complies 
with their providers' terms and conditions.  I think that 
even spam is just fine, provided it stays on the spam 
friendly side of the net and away from me.



with postfix (which you seem to use).

I only use pieces of it.  I'm working on an SMTP proxy with 
finer-grained
scriptable rules and logging to a database.


So why haven't you long since implemented the standard checks 
to prevent what you call "spoofed" free provider mail?


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Temporal properties of secondary sources, Eric Brunner-Williams in Portland Maine
Next by Date:  [Asrg] RE: Request to mailing list Asrg rejected, Paul Judge
Previous by Thread:  [Asrg] Consent, ASRG, and RMX, Alan DeKok
Next by Thread:  [Asrg] Re: RMX evaluation, Vernon Schryver
Indexes:  [Date] [Thread] [Top] [All Lists]