On Fri, Sep 26, 2003 at 10:32:15PM +0200, Markus Stumpf wrote:
On Fri, Sep 26, 2003 at 02:51:34PM -0500, Steven F Siirila wrote:
in some manner (e.g. DNS).  Allowing IP block owners to set up these
attributes is a key difference from what we have today (DNSbls) which is
pretty centralized and more error-prone.
Although the bad guys will set "MTA=yes" for their hosts (which is in
some way correct behaviour ;-) we have moved them tighter to the corner
and DNSBLs can more easily deal with them. They don't any longer have to
take care of the whole IP address range (which is even worse with IPv6)
but only with a small dark place in the corner.
Go ahead and let the "bad guys" do this.  Direct spammers are the easiest
ones to deal with today.  The difficult ones are the ones that hop around.
Speaking of IPv6, does anyone know if there are any MTAs out there using
SMTP over IPv6 yet?  We plan to be very restrictive at the time we roll
this out.  For example, rDNS would be required across-the-board.  Perhaps
"MTA=yes" could also be required if it were in sufficient use by then, too.
    1.0.0.10.in-addr.arpa.  IN  TXT  "ASRG.MTA=yes"
                            IN  TXT  "ASRG.CONTACT=mailto:abuse(_at_)example(_dot_)com"
    2.0.0.10.in-addr.arpa.  IN  TXT  "ASRG.MTA=yes"
    *.0.0.10.in-addr.arpa.  IN  TXT  "ASRG.MTA=no"
I agree that we need to use an existing DNS RR to provide this information,
but I also believe that we should define a new RR to be used in preference
to this method for the long-term.  Perhaps an "MTA" RR.  TXT records are too
general-purpose to be used long-term, IMO.
IMHO the problem with a new RR (and that's why I tried to avoid it) is
that DNS software of all kinds has to be adopted. DNS server, DNS
resolvers and (IMHO the strongest argument against) ISP management
software. (Large) ISPs don't edit zone files with an editor. They have a
database and a GUI of some sort that is capable of handling all sorts of
"well known" RRs.
I had quick and easy adoption in mind and if all ISP management software
has to be changed to make use of the new RR it will either take a long
time or will never happen. TXT records are well understood and there is
   Rosenbaum, R., "Using the Domain Name System To Store Arbitrary
   String Attributes", RFC 1464, May 1993.
;-))
I understand the difficulty in adding new RR's.  However, that shouldn't
stop us from getting such a record put into the "long pipeline" so that
it would eventually become just another "well-known" RR someday.  I was
not aware of RFC 1464; thanks for the reference.
There are a number of ways that this could be implemented; given the
amount of open-source software out there, a patch could easily be made.
Surely ... and not really an issue.
      \Maex
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
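
An added example, not part of the original message or of any ASRG code: how a receiving MTA could evaluate the proposed `ASRG.MTA` TXT attribute for a connecting IP, using RFC 1464 style `name=value` parsing. The function names, the in-memory zone (constructed from the records in the message, standing in for a real DNS query), the simplified wildcard matching, and the "conflicting values mean unknown" rule are all assumptions.

```python
import ipaddress

# Constructed zone data mirroring the TXT records shown in the message.
ZONE = {
    "1.0.0.10.in-addr.arpa.": ["ASRG.MTA=yes",
                               "ASRG.CONTACT=mailto:abuse@example.com"],
    "2.0.0.10.in-addr.arpa.": ["ASRG.MTA=yes"],
    "*.0.0.10.in-addr.arpa.": ["ASRG.MTA=no"],
}

def parse_attr(txt):
    """Split at the first '=' not quoted by '`' (RFC 1464); None if no name."""
    name, i = [], 0
    while i < len(txt):
        c = txt[i]
        if c == "`" and i + 1 < len(txt):
            name.append(txt[i + 1])   # quoted character is taken literally
            i += 2
        elif c == "=":
            key = "".join(name).strip().lower()   # names are case-insensitive
            return (key, txt[i + 1:]) if key else None
        else:
            name.append(c)
            i += 1
    return None

def lookup_txt(zone, name):
    """Exact match first, then the nearest wildcard (simplified DNS semantics)."""
    if name in zone:
        return zone[name]
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:]) + "."
        if wild in zone:
            return zone[wild]
    return []

def mta_policy(ip, zone=ZONE):
    """Return 'yes', 'no', or None when the attribute is absent or conflicting."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    attrs = filter(None, map(parse_attr, lookup_txt(zone, name)))
    values = {v.strip().lower() for k, v in attrs if k == "asrg.mta"}
    if len(values) == 1 and values <= {"yes", "no"}:
        return values.pop()
    return None   # no statement by the block owner: fall back to other checks
```

A `None` result is the common case until block owners publish the attribute, so a receiver would combine it with existing checks such as rDNS and DNSBL lookups rather than reject on it.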