I would like to make some comments in the RMX and DNSRBL areas in general.
First of all, as someone else pointed out two days ago in the list,
there are several competing proposals for DNS-based verification (RMX,
DRIP, etc.). We need someone who has knowledge in this area to figure
out how to reconcile these proposals.
Second, we also need to sit down and evaluate how RMX and DNSRBLS affect
existing systems, and how viable are they. The tech consideridations
document and requirements document would help here, and the tech
considerations document actually has a checklist. We also need to figure
out how this fits in within the consent framework, if we are going with
proceed with the notion of consent.
Third, the issue with DDOS and DNSRBLs has relevance in the BCP area
from both the side of the operator of the blacklist and the customers of
the blacklist. For example, we need guidelines on how an anti-spam
system should deal with a DNSRBL that has been DDOSed or has gone beserk
(like Osirusoft has down recently). While technical issues are
important, we also need to deal with some policy issues. I think that
some of the folks involved with both DNSRBLs and DNS can give invaluable
input on the policy side. BTW, Chris Lewis and Matt Sergeant have been
doing some work on the BCP area, and a draft should be forthcoming soon.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg