On Sun, 13 Jul 2003, Walter Dnes wrote:
> My proposal is for a NO_XMIT record in DNS. It effectively stands the
> RMX proposal on its head. It would signify IP addresses that have no
> business connecting to external MTAs. This would be very similar in
> function to MAPS DUL(TM) and other lists of dynamic IP addresses. Here
> is a sample implementation for discussion...

This is a proposal really worth discussing. I have some questions below,
but don't think they are intended as complaints. This is the best proposal
we have seen.

First, given the nature of existing DNS clients and servers, which
need to be updated to support a new record type? Just the authoritative
server? Or all the servers and the client too? If the latter, isn't there
a strong argument for overloading an existing record, such as MX, SRV, or
TXT? Is it possible to specify a transition period during which an
existing record is overloaded, and a new record is established?

I like the fact that it is based on "consent of the sending ISP", which
is an important form of consent that hasn't had enough emphasis. As a
result, sending ISPs have few ready-made tools to suppress outbound spam.

This is a refinement of three existing practices -

(1) some receiving MTAs reject mail from hosts with the strings "dial-up"
or "dhcp" in their hostnames. Is that effective? Does it affect the way
ISPs name their systems? If systems avoid those names for this very
reason, then NO_XMIT will not attract them. Does SpamAssassin look at the
hostname? How many points for those strings?

(2) Some systems block outbound port 25 from dial-up lines at the router.
This seems very attractive as a policy, why would an autonomous system
support NO_XMIT rather than just blocking the port? If the intent is to
reduce abuse complaints, wouldn't that be more effective? Is the downside
router workload, or do some ISPs want to support direct to MX mail?

(3) You mentioned the MAPS DUL. Do systems voluntarily send their IP
address ranges to MAPS, or does MAPS generally figure it out for
themselves? If the latter, do we have any idea why they don't cooperate?
Does that indicate they won't cooperate with NO_XMIT? Will the existence
of a formal standard affect many of them?

Daniel Feenberg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg