On Sat, Aug 30, 2003 at 05:55:24PM +0200, Brad Knowles wrote:
> At 5:55 PM -0500 2003/08/29, Steven F Siirila wrote:
> > Ideally, MTAs would identify themselves as such. For example:
> > mta5.exchange.microsoft.com TXT
> > "ID=MTA,ABUSE=abuse@microsoft.com"
> > (or whatever format makes the most sense)
> > I suppose the same could be done using just the reversed IP address, e.g.:
> > 3.2.1.10 TXT
> > "ID=MTA,ABUSE=abuse@microsoft.com"
> I think we can take the previous example of WKS records, and the
> current example of PTR records, as predictors of accuracy and success
> of this concept. In short, I don't see where this is going to work.
> If you're a spammer, and you own your own domain (as so many do),
> you can create your own DNS records, so that you can bypass checks
> like this. Indeed, many spammers register domains, spam from them
> for hours or maybe a few days, and then throw them away. You'd be
> causing legitimate senders to jump through additional hoops to send
> you e-mail, but since spammers adapt very quickly, you wouldn't
> really be hurting most of them.

You missed the point. Spammers do NOT control the DNS for trojanned PCs
and open proxies, which appear to be our primary problem now. Direct spammers
are the easiest ones to catch already; who cares if they want to better
identify themselves?

> If you were using forward records, you wouldn't even slow down
> people using viraspam-based distributed spam networks (e.g., those
> created by a more sophisticated and less obtrusive version of
> SoBig.F), because you could just list wildcard records in the DNS,
> and anyone from any IP address could make an apparently valid claim
> that they should be allowed to send e-mail through this mechanism.

That is only true if you don't require rDNS in addition. I'm not 100% sure
that everyone is going by the same definition of rDNS I am, either. By rDNS
I am strictly speaking of the connection IP address, its associated PTR
record, and the A record of the name returned by the PTR. Not the HELO.
Not the sender domain in MAIL FROM. Both are easily forgeable.

> The situation for reverse DNS is even worse.

With rDNS I can at least be assured that the owner of the in-addr.arpa space
is the owner of the domain named in the PTR (or at least an agreement exists
between the two). BTW, having this domain makes it easier to determine an
abuse address to send reports to, too.

> I see similar problems for RMX-like proposals.

We could never use RMX due to its tying in with the MAIL FROM domain.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
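The rDNS check Steven describes (connection IP, its PTR, and the A record of the name the PTR returns, with HELO and MAIL FROM ignored), together with the proposed "ID=MTA,ABUSE=..." TXT record from the quoted message, as an added worked example that is not part of the thread or of any list member's code. It runs against a constructed in-memory zone table so it works offline; the `lookup` function, the record values, and the accept/defer/reject policy are all assumptions, and the TXT format is the one proposed in the quoted message, not a deployed standard.

```python
"""Forward-confirmed rDNS on the connection IP plus the proposed MTA TXT record.

Added example; the zone data below is constructed for the demo, not real DNS.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample zone data: (owner name, record type) -> list of RDATA.
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    # A well-behaved MTA: PTR and A agree, and it publishes the proposed TXT.
    ("3.2.1.10.in-addr.arpa", "PTR"): ["mta5.exchange.microsoft.com"],
    ("mta5.exchange.microsoft.com", "A"): ["10.1.2.3"],
    ("mta5.exchange.microsoft.com", "TXT"): ["ID=MTA,ABUSE=abuse@microsoft.com"],
    # A trojanned consumer PC at 10.7.8.9: the ISP's generic PTR exists, but
    # the forward lookup of that name points elsewhere, so rDNS does not confirm.
    ("9.8.7.10.in-addr.arpa", "PTR"): ["dsl-pool.example.net"],
    ("dsl-pool.example.net", "A"): ["10.7.8.1"],
    # A spammer-controlled domain whose A record "claims" the bot's address.
    # The spammer controls this forward zone but not the ISP's in-addr.arpa.
    ("bulk.spammer-example.test", "A"): ["10.7.8.9"],
    ("bulk.spammer-example.test", "TXT"): ["ID=MTA,ABUSE=nobody@spammer-example.test"],
    # 10.200.0.5 is an open proxy with no PTR at all (absent from the table).
}


def lookup(name: str, rtype: str, zone=FAKE_DNS) -> List[str]:
    """Stand-in for a resolver query (assumed); [] means NXDOMAIN or NODATA."""
    return list(zone.get((name.lower().rstrip("."), rtype), []))


def fcrdns(ip: str, resolve=lookup) -> Optional[str]:
    """Forward-confirmed reverse DNS on the *connection* IP only.

    Returns the confirmed hostname, or None. HELO and MAIL FROM are never
    consulted because both are trivially forgeable.
    """
    rev = ipaddress.ip_address(ip).reverse_pointer  # e.g. "3.2.1.10.in-addr.arpa"
    for name in resolve(rev, "PTR"):
        if ip in resolve(name, "A"):
            return name
    return None


def forward_only_claim_holds(ip: str, claimed_name: str, resolve=lookup) -> bool:
    """The weak check from the quoted objection: trust whatever name the sender
    claims if its A record (possibly a wildcard) covers the connecting IP."""
    return ip in resolve(claimed_name, "A")


def parse_mta_txt(txt: str) -> Dict[str, str]:
    """Parse the proposed 'ID=MTA,ABUSE=...' TXT format into a dict."""
    fields: Dict[str, str] = {}
    for item in txt.split(","):
        if "=" in item:
            key, value = item.split("=", 1)
            fields[key.strip().upper()] = value.strip()
    return fields


def mta_identity(ip: str, host: str, resolve=lookup) -> Optional[str]:
    """Return the abuse contact if a well-formed MTA TXT record is published
    either on the confirmed hostname or on the reversed-IP name."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    for owner in (host, rev):
        for txt in resolve(owner, "TXT"):
            fields = parse_mta_txt(txt)
            if fields.get("ID") == "MTA" and "@" in fields.get("ABUSE", ""):
                return fields["ABUSE"]
    return None


def evaluate_connection(ip: str, resolve=lookup) -> Tuple[str, str]:
    """Example policy for one inbound SMTP connection (assumed, not the thread's)."""
    host = fcrdns(ip, resolve)
    if host is None:
        return "reject", "no forward-confirmed PTR for connection IP"
    abuse = mta_identity(ip, host, resolve)
    if abuse is None:
        return "defer", f"{host} confirmed but publishes no MTA record"
    return "accept", f"{host} is a declared MTA; abuse contact {abuse}"


if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.7.8.9", "10.200.0.5"):
        print(ip, evaluate_connection(ip))
    # The forward-only check is fooled by the spammer's own zone; rDNS is not.
    print("forward-only:", forward_only_claim_holds("10.7.8.9", "bulk.spammer-example.test"))
    print("rDNS:", fcrdns("10.7.8.9"))
```

The contrast between `forward_only_claim_holds` and `fcrdns` on 10.7.8.9 is the crux of the exchange: a spammer can publish any A or TXT record under a domain they own, but the PTR for a compromised host lives in the ISP's in-addr.arpa zone, which is why the reply insists on the reverse lookup and never on HELO or MAIL FROM.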