ietf-asrg

Re: [Asrg] Proposal: NO_XMIT DNS record

2003-07-13 06:07:14
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org> wrote:
> I've seen various proposals for RMX and variants.  There are two major
> problems...

  There are more problems with RMX-style solutions than the two you
posted.  For RMX, the single largest problem is the requirement of a
new record type, which your proposal shares.

> My proposal is for a NO_XMIT record in DNS.  It effectively stands the
> RMX proposal on its head.  It would signify IP addresses that have no
> business connecting to external MTAs.

  This is semantically identical to the DUL blacklists, but
implemented differently.  It shares the DUL problem, in that
administrators have to sign up to an "opt-out" list for it to work.
Experience has shown that opt-out lists are problematic.  In
addition, there are ~2^32 possible machines which are not dedicated
MTA's, and ~2^18 or so long-lived MTA's.  (See previous stats posted
to the list)

  So an "opt-in" list of "yes, I'm really an honest ISP" would be
smaller, and probably more effective.

> 2) Your MTA queries something like "host -t NO_XMIT 10.1.2.3"

  Implicit in that statement is a global manager for the list, similar
to the existing reverse map.

  i.e. You're looking up IP's, not domains.  So this proposal *cannot*
be implemented by updating DNS for a domain, there *must* be a global
registry.

> 3) This proposal depends on ISPs wildcarding their dynamic IP address
>    ranges to return 127.0.0.2.  However, it will have much less
>    logistical hassle than trying to maintain *UP-TO-DATE* lists of who
>    can send for whom from which IP addresses.

  Is it really that difficult to update a reverse record, at the same
time as you update an MX record?

> 4) I'd prefer to use strictly the 127.0.0.2 return value for rejection.
>    This would allow for future extensions, e.g. 127.0.0.3 might mean
>    that an RMX record exists, and you can further query it if you wish.

  TXT records?

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
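
Added example (not part of the original message or of either poster's proposal): a Python sketch of the per-IP lookup the thread discusses, showing how a wildcarded dynamic range answers 127.0.0.2 and why an unlisted address passes under an opt-out scheme. Assumptions: the records live in a reverse-map-style zone and are answered as addresses; the zone contents, the simplified wildcard matching and all function names are constructed for illustration.

```python
import ipaddress

# Constructed zone data (assumption): owner name -> answer address.
# The wildcard covers an ISP's whole dynamic pool, as in point 3 of the post.
ZONE = {
    "*.2.1.10.in-addr.arpa": "127.0.0.2",   # dynamic pool 10.1.2.0/24
    "25.3.1.10.in-addr.arpa": "127.0.0.3",  # one host flagged "RMX exists"
}

NO_XMIT = "127.0.0.2"     # from the post: must not connect to external MTAs
RMX_EXISTS = "127.0.0.3"  # from the post: suggested future extension


def reverse_name(ip):
    """Build the reverse-map owner name: 10.1.2.3 -> 3.2.1.10.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def lookup(name, zone=ZONE):
    """Exact match first, then the closest enclosing wildcard.

    Simplified stand-in for DNS wildcard matching; returns None when
    nothing is published for the name (the NXDOMAIN case).
    """
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None


def smtp_decision(client_ip):
    """Decide what a receiving MTA does with a connecting client address."""
    answer = lookup(reverse_name(client_ip))
    if answer == NO_XMIT:
        return "reject"
    if answer == RMX_EXISTS:
        return "check-rmx"
    # Opt-out semantics: no published record means no restriction at all,
    # so every range whose operator never signed up is accepted.
    return "accept"


if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.1.3.25", "10.9.9.9"):
        print(ip, reverse_name(ip), smtp_decision(ip))
```

The third address stands for a dynamic range whose operator published nothing; it is accepted, which is the opt-out weakness raised in the reply.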