
Re: [Asrg] 6. Proposals - RMX-like implementation via rDNS (OMX v. DRIP)

2003-09-14 23:12:39
On Wed, 2003-09-10 at 01:35, waltdnes(_at_)waltdnes(_dot_)org wrote:

> The proposal
> ============
>
>   The proposal is that ISPs publish a list of their outbound email
> servers and any static IP address ranges that are authorized to send
> email direct-to-MX.  All other IP addresses within the ISP's domain
> would be assumed to be unauthorized to send email direct-to-MX.  The
> publishing could be on a web page.  The addresses could be either
> numeric, or rDNS patterns.  A real-life example is AOL.

Does anyone argue with this?  The only problem is selecting
a standard for publishing the information.  I suggested one
last May (and June) in a message archived here:

http://msgs.securepoint.com/cgi-bin/get/djbdns-0306/9.html

and I suppose I'll keep posting links to it until I see something
equivalent in the form of an I-D, and then I'll link to that.

Okay, DRIP
http://www.ietf.org/internet-drafts/draft-brand-drip-01.txt
is very similar; however instead of

         192_0_2_10.IPv4.relays._email_.M.EXAMPLE.COM.  IN A  192.0.2.10
         192_0_2_11.IPv4.relays._email_.M.EXAMPLE.COM.  IN A  192.0.2.11
         127_0_0_1.IPv4.relays._email_.M.EXAMPLE.COM.   IN A  127.0.0.1

OMX would have example.com list

        omx.m.example.com IN A 192.0.2.10
        omx.m.example.com IN A 192.0.2.11
        omx.m.example.com IN A 127.0.0.1

up to the first seven relays, if there are seven of
them then we put the next seven in omx1... and then
omx2... until there aren't any more.

This means less DNS traffic.  It is harder to get wrong than
DRIP, which appears to insist that the address gets repeated
in the name and the response.

As for what it is recommended that the MTA do with the listedness/notlistedness
of the peer, I guess that isn't beyond the scope of the to-be-written
OMX I-D, since it is included in the DRIP draft.

> Advantages
> ==========
>
>   1) This proposal does *NOT* require new types of DNS records or other
> protocols.  It can be implemented within the existing structure.  AOL
> already does this, an example that it can be done.
>
>   2) Lists of authorized sending addresses/rDNS-patterns will generally
> be much smaller than lists of residential IP addresses.

Amen.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
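The two publication schemes compared in the message, written out as lookup code. This is an added illustration for this archive page, not code from the OMX or DRIP proposals, and it runs against a constructed in-memory zone rather than real DNS. It assumes, as the message describes, that OMX places up to seven A records under omx.m.<domain> and continues with omx1, omx2, ... only when a name is full, so a name with fewer than seven answers ends the walk; that DRIP derives the owner name from the peer address with dots replaced by underscores; and that DNS names compare case-insensitively. The zone includes one constructed DRIP record whose answer does not repeat the encoded address, to show the mismatch case the message calls easy to get wrong.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed zone data standing in for a DNS resolver (illustrative only).
# Keys are lowercase owner names; a missing name answers with no records.
ZONE: Dict[str, List[str]] = {
    # OMX form from the message: all relays under one owner name.
    "omx.m.example.com": ["192.0.2.10", "192.0.2.11", "127.0.0.1"],
    # DRIP form from the message: the peer address encoded in the owner name
    # and repeated in the A record.
    "192_0_2_10.ipv4.relays._email_.m.example.com": ["192.0.2.10"],
    "192_0_2_11.ipv4.relays._email_.m.example.com": ["192.0.2.11"],
    "127_0_0_1.ipv4.relays._email_.m.example.com": ["127.0.0.1"],
    # Constructed misconfiguration: the answer does not repeat the encoded
    # address, so a DRIP checker must not treat it as a listing.
    "198_51_100_9.ipv4.relays._email_.m.example.com": ["198.51.100.10"],
    # Constructed second domain with nine relays to exercise the omx/omx1 walk.
    "omx.m.big.example": [f"203.0.113.{i}" for i in range(1, 8)],
    "omx1.m.big.example": ["203.0.113.8", "203.0.113.9"],
}

OMX_PER_NAME = 7  # assumed from the message: seven relays per omx name


def lookup_a(zone: Dict[str, List[str]], name: str, counter: List[int]) -> List[str]:
    """One A query against the constructed zone; every query is counted."""
    counter[0] += 1
    return list(zone.get(name.lower().rstrip("."), []))


def omx_relays(zone: Dict[str, List[str]], domain: str) -> Tuple[Set[ipaddress.IPv4Address], int]:
    """Collect the relays published under omx, omx1, omx2, ... of m.<domain>.

    Returns the set of relay addresses and the number of queries it took.
    """
    counter = [0]
    relays: Set[ipaddress.IPv4Address] = set()
    index = 0
    while True:
        label = "omx" if index == 0 else f"omx{index}"
        answers = lookup_a(zone, f"{label}.m.{domain}", counter)
        relays.update(ipaddress.ip_address(a) for a in answers)
        # A name holding fewer than seven entries is the last one (assumption).
        if len(answers) < OMX_PER_NAME:
            break
        index += 1
    return relays, counter[0]


def omx_authorized(zone: Dict[str, List[str]], domain: str, peer_ip: str) -> Tuple[bool, int]:
    """Is peer_ip one of the domain's published relays under OMX?"""
    relays, queries = omx_relays(zone, domain)
    return ipaddress.ip_address(peer_ip) in relays, queries


def drip_name(peer_ip: str, domain: str) -> str:
    """Owner name DRIP derives from the peer address (IPv4 form only here)."""
    addr = ipaddress.ip_address(peer_ip)
    if addr.version != 4:
        raise ValueError("only the IPv4 naming shown in the message is modelled")
    return f"{str(addr).replace('.', '_')}.IPv4.relays._email_.M.{domain}"


def drip_authorized(zone: Dict[str, List[str]], domain: str, peer_ip: str) -> Tuple[bool, int]:
    """Single query for the peer-derived name; the answer must repeat peer_ip."""
    counter = [0]
    answers = lookup_a(zone, drip_name(peer_ip, domain), counter)
    peer = ipaddress.ip_address(peer_ip)
    listed = any(ipaddress.ip_address(a) == peer for a in answers)
    return listed, counter[0]


if __name__ == "__main__":
    for ip in ("192.0.2.11", "198.51.100.9"):
        print(ip, "OMX:", omx_authorized(ZONE, "example.com", ip),
              "DRIP:", drip_authorized(ZONE, "example.com", ip))
    print("big.example relays:", omx_relays(ZONE, "big.example"))
```

Checking a single peer costs one query under either scheme for the three-relay zone; the difference shows when a domain is larger (OMX needs one query per seven relays to enumerate the whole list, which DRIP cannot enumerate at all) and in the failure mode: under OMX a relay is either in the answer or not, while under DRIP the checker has to confirm that the answer repeats the address encoded in the name before accepting it.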