ietf-asrg

Re: [Asrg] Reverse DNS

2003-06-18 13:27:25
On Wed, Jun 18, 2003 at 12:56:04PM -0500, gep2(_at_)terabites(_dot_)com wrote:
We are presently
requiring reverse DNS for IP addresses of MTA's which connect to our MX
(with exceptions, which are dwindling).  This has nothing to do with the
MAIL FROM domain, it simply means that if you connect to us, your IP address
must have a name, and that name must map back to your IP address.  What you
suggest above is exactly the sort of next step we're looking for; namely,
a DNS RR which tells the world that a particular host name has been designated
as an MTA (outgoing at least).  

There are a number of us advanced/small users with home offices who presently 
run our own outgoing SMTP mail server, behind a router using NAT.  Not all 
(valid, legitimate!) outgoing SMTP servers have fixed/permanent IP addresses.

We do not allow connections from dynamic IP addresses.  There is simply no
way to account for unauthenticated email (that is what we're talking about
here) without at least tying the messages to a fixed IP address.  Of course
our users can let specific addresses through such a block based on a request
by the remote user (via URL).

Likewise, since I have a "residential" type high speed connection, I have
*very* limited abilities (and that only because of my own domain names, but I
don't have my own Net-accessible DNS server in any case) to manipulate the DNS
records associated with those domains.

If you want to be an MTA, we feel you should be registered as one in DNS.
You don't even need the registered name to be in your domain, it simply
needs to map to a name which then maps back to the original IP address.
Without this, bad users in a dynamic IP range cannot be blocked individually.

I suspect that a fair number of other consultant-type users are in a similar 
boat to myself on points like this.  It's the needs of some of us 
'advanced/small' users which the spf folks seem willing to totally ignore.

In today's spam-ful world, something has to give.  Sites need an incentive to
tighten up controls and this is simply one more "tool" that can be used.

Even AOL has become more restrictive:

# telnet mailin-01.mx.aol.com 25
Trying 64.12.137.89...
Connected to mailin-01.mx.aol.com.
Escape character is '^]'.
220-rly-xg02.mx.aol.com ESMTP mail_relay_in-xg2.7; Wed, 18 Jun 2003 15:52:07 -0400
220-America Online (AOL) and its affiliated companies do not
220-     authorize the use of its proprietary computers and computer
220-     networks to accept, transmit, or distribute unsolicited bulk
220-     e-mail sent from the internet.  Effective immediately:  AOL 
220-     may no longer accept connections from IP addresses which 
220      have no reverse-DNS (PTR record) assigned.


Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


