ietf-asrg

Re: [Asrg] Spammer responses to SPF

2003-06-17 12:41:18
At 01:09 PM 6/17/03 +0200, Markus Stumpf wrote:
[heavily edited]
> And I surely don't stop arguing that a TXT record with the contents
> "MAILSERVER" in reverse DNS would be much faster and easier deployed
> and effective than RMX or companions. And it would save us from
> accepting email from all the broken workstations, homecomputers, open
> proxies and virus infected hosts that never had been intended to be a
> mailserver.

...
> Yeah I know, reverse DNS is lame.


Maybe, but it still might be the best alternative.

I'm assuming when you say "in reverse DNS" you mean look up 
<reverse-IP>.in-addr.arpa get the TXT record for that A record, 
and check if it's "MAILSERVER".

If so, then it doesn't address the same problem that RMX/SPF/DMP 
et al addresses.  Not that that's bad, just an observation.

I think I'd go a little further and have the record say
"MAILSERVER=YES" or "MAILSERVER=NO". 
A tiny bit more information, and RFC 1464 compliance.

Seems to me that until very wide adoption occurred, 
it would only be useful for identifying IPs that may send mail,
and no good for identifying IPs that can't.

Does anybody currently maintain a white list of IPs that are 
outbound mail servers?
Combining the two might make a very good system.


> And I yet have to see that RMX or companions save us from the problem
> to order some hundred 9nerauhi3250780asd.com type domains, use short
> TTLs (5-10 seconds) and add RMX records for the open relays that are
> abused right now. The next thing surely will be that TTLs < 86400 for
> RMX records are forbidden ...


Yep, RMX isn't a be all, end all solution.
It only addresses the problem of forgery, 
and not as well as other alternatives IMO.


Scott Nelson <scott(_at_)spamwolf(_dot_)com>

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
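
Added example, not part of the original message or of any ASRG proposal: a receiver-side sketch of the reverse-DNS check discussed above, reading "MAILSERVER=YES" / "MAILSERVER=NO" as RFC 1464 style name=value strings and returning "unknown" when no usable record exists. The function names, the lenient value matching and the sample addresses are assumptions of this example; the TXT strings are passed in rather than fetched so it runs offline.

```python
import ipaddress

def reverse_name(ip):
    """Name whose TXT records would be queried, e.g. 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def parse_attribute(txt):
    """Split one TXT string at its first unquoted '=' (RFC 1464 style).

    A grave accent quotes the next character of the attribute name.
    Returns (lower-cased name, value), or None when there is no unquoted
    '=' or the name is empty. Lower-casing is this example's choice.
    """
    chars = []  # (character, was_quoted) pairs making up the name
    i = 0
    while i < len(txt):
        ch = txt[i]
        if ch == "`" and i + 1 < len(txt):
            chars.append((txt[i + 1], True))
            i += 2
            continue
        if ch == "=":
            # Unquoted spaces and tabs around the name are not part of it.
            while chars and not chars[0][1] and chars[0][0] in " \t":
                chars.pop(0)
            while chars and not chars[-1][1] and chars[-1][0] in " \t":
                chars.pop()
            name = "".join(c for c, _ in chars)
            return (name.lower(), txt[i + 1:]) if name else None
        chars.append((ch, False))
        i += 1
    return None

def mailserver_policy(txt_records):
    """Return 'yes', 'no' or 'unknown' for the TXT strings of one reverse name."""
    verdicts = set()
    for txt in txt_records:
        attr = parse_attribute(txt)
        if attr and attr[0] == "mailserver":
            value = attr[1].strip().upper()  # lenient: ignore case and padding
            if value in ("YES", "NO"):
                verdicts.add(value.lower())
    # No record, an unrecognised value, or conflicting records decide nothing.
    return verdicts.pop() if len(verdicts) == 1 else "unknown"

if __name__ == "__main__":
    # Constructed sample data; a real check would fetch the TXT strings over DNS.
    samples = {"192.0.2.25": ["MAILSERVER=YES"], "192.0.2.77": ["mailserver = no"], "192.0.2.99": []}
    for ip, txts in samples.items():
        print(reverse_name(ip), mailserver_policy(txts))
```

The "unknown" result is the case the message points out: until the record is widely published, a missing record says nothing about whether the host may send mail. A bare "MAILSERVER" string has no name=value pair, so this parser ignores it.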
