The following response has been received from someone off-list. The
person asked for his name to be kept private.
Yakov
-------- Original Message --------
Subject: Re: rDNS draft for spam
> I wanted to get your quick thoughts on something. One of the proposals we
> have, called MTA MARK, uses the rDNS records to mark a specific IP as a
> mail server or not a mail server. The purpose of this is to allow ISPs to
> mark their IP space as such in order to reduce the impact caused by
> hijacked computers sending spam. This proposal has also been suggested to
> be expanded into a more general one, to let the IP address owner
> mark any IP and the services allowed from that IP.

Putting things in the reverse map has both advantages and disadvantages.
I used for a while an ISP that marked their whole IP range as a spam source,
and at the same time refused to forward email that did not conform
to <user>@<isp>.net. So I do not trust ISPs to do the right thing,
and most of them do not have egress filtering, thus allowing spoofed
packets to leave their networks.

TXT records are fine for experimentation; a new record type is
the way to go if this is a good approach, but the cost of
backwards compatibility is high.
The argument that it is expensive to upgrade to a new type is
historic; most modern DNS software can handle unknown types [RFC3597].

> Many people have raised concerns about the fact that things like this
> should not be present in the rDNS zone at all. I wanted to get your
> feedback on that issue and the draft in general.

This is an issue that should be discussed in DNSOPS, but my feeling
is that the reverse tree should be used better, and this is as good a place as
any other for the capability of a host.
I (personally) think the approach that uses the forward map to
list mail sources at the zone apex is better, as that requires far
fewer entries.

The draft example seems to suffer from a common misunderstanding
that a wildcard will match an existing name in a zone if the type
does not exist. This is false; see:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-wcard-clarify-02.txt
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Power tends to corrupt, and absolute power corrupts absolutely" (Lord
Acton)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
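
Added example, not part of the original message or of the MTA MARK draft: a minimal Python model of how an authoritative server answers from a zone containing a wildcard, showing that a wildcard TXT record in a reverse zone is not returned for a name that already exists with only a PTR record. The zone (192.0.2.0/24 documentation range), the host names and the TXT content are constructed placeholders, not the draft's record syntax.

```python
# Constructed zone data for illustration only.
ORIGIN = "2.0.192.in-addr.arpa"
ZONE = {
    "2.0.192.in-addr.arpa": {"SOA": ["constructed"]},
    "*.2.0.192.in-addr.arpa": {"TXT": ["constructed-marker"]},
    "10.2.0.192.in-addr.arpa": {"PTR": ["host10.example.net."]},
    "_svc.20.2.0.192.in-addr.arpa": {"TXT": ["constructed-child"]},
}

def labels(name):
    return name.lower().rstrip(".").split(".")

def exists(name, zone):
    """A name exists if it owns records or is an ancestor of an owner
    name (an empty non-terminal)."""
    want = labels(name)
    return any(labels(owner)[-len(want):] == want for owner in zone)

def lookup(qname, qtype, zone=ZONE, origin=ORIGIN):
    """Return (rcode, records); NOERROR with no records means NODATA."""
    q, o = labels(qname), labels(origin)
    if q[-len(o):] != o:
        return ("REFUSED", [])
    name = ".".join(q)
    if exists(name, zone):
        # The name exists, so the wildcard is never consulted,
        # even when the requested type is absent at this name.
        return ("NOERROR", zone.get(name, {}).get(qtype, []))
    # Closest encloser: the longest existing ancestor of the query name.
    for i in range(1, len(q)):
        encloser = ".".join(q[i:])
        if exists(encloser, zone):
            break
    # Only a wildcard directly below the closest encloser can match.
    wild = "*." + encloser
    if wild in zone:
        return ("NOERROR", zone[wild].get(qtype, []))
    return ("NXDOMAIN", [])

if __name__ == "__main__":
    for n in ("11", "10", "20", "a.10"):
        print(n, lookup(n + "." + ORIGIN, "TXT"))
```

A receiver that reads a missing marker as "no policy published" would therefore see no policy for exactly those addresses that already carry PTR records, unless the marker is added explicitly at each such name.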