ietf-asrg

Re: [Asrg] 6. Proposals - rDNS / MTA MARK

2003-12-02 19:55:27

Putting things in the reverse map has both advantages and disadvantages.
I used for a while an ISP that marked their whole IP range as a spam source,
while at the same time refusing to forward email that did not conform
to <user>@<isp>.net. So I do not trust ISPs to do the right thing,
and most of them do not have egress filtering, thus allowing spoofed
packets to leave their networks.

Marking would only be one element in the total picture.  An ISP that
marked every address as an MTA would probably be subject to other
sorts of classification.  Re filters: MTA Marking has the advantage of
merely providing advice.  If I choose to accept SMTP connections from
my friend Joe's DSL system, I can do so even if his IP address is
marked as "not an MTA" (or more properly, "not an MTA that the owner
of the IP infrastructure operates").  I couldn't do so if the marking
was via firewall.  I prefer the approach that provides information and
lets participants act on that information.

You're always going to have bad actors (in this example, ISPs); I
don't think that's anything specific to MTAMark.  (That's similar to
that comment about how LMAP is bad because it will encourage viral
infections:  you can't not do something because somebody will do
something else bad.)


This is an issue that should be discussed in DNSOPS, but my feeling
is that the reverse tree should be used better, and this is as good a
place as any other for the capability of a host.

Indeed.


I (personally) think the approach that uses the forward map to
list mail sources at the zone apex is better, as that requires far
fewer entries.

But that's a different thing.  There's domain/MTA scope a la LMAP, and
there's IP marking a la MTAMark.  Unless I miss your point (which is
altogether likely).


The draft example seems to suffer from a common misunderstanding
that a wildcard will match an existing name in a zone if the type
does not exist; this is false, see:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-wcard-clarify-02.txt

D'oh.  It's easy to make that mistake, even when one knows better.

-mm-
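
The wildcard point raised in the message above, as an added example that is not part of the original message or of the draft under discussion: a minimal lookup over a constructed reverse zone showing that a wildcard is only consulted when the queried name does not exist. The zone contents, the TXT values and the function names are assumptions made for illustration.

```python
ORIGIN = "2.0.192.in-addr.arpa"

# Constructed sample zone: {owner: {rrtype: [rdata]}}. TXT values are hypothetical markings.
ZONE = {
    "*." + ORIGIN: {"TXT": ["not-an-mta"]},
    "10." + ORIGIN: {"PTR": ["mail.example.net."]},
    "_mark.20." + ORIGIN: {"TXT": ["mta"]},
}

def labels(name):
    return name.lower().rstrip(".").split(".")

def existing_names(zone):
    """Every owner name plus the empty non-terminals between it and the origin."""
    names = set()
    origin_len = len(labels(ORIGIN))
    for owner in zone:
        parts = labels(owner)
        for i in range(len(parts) - origin_len + 1):
            names.add(".".join(parts[i:]))
    return names

def lookup(zone, qname, qtype):
    """Return (status, rdata) for a query inside the zone."""
    qname = ".".join(labels(qname))
    names = existing_names(zone)
    # Step 1: the name exists (with any type, or as an empty non-terminal).
    # The answer is its own data or NODATA; the wildcard is never consulted.
    if qname in names:
        rdata = zone.get(qname, {}).get(qtype)
        return ("ANSWER", rdata) if rdata else ("NODATA", [])
    # Step 2: the name does not exist. Find the closest existing ancestor
    # and look for a wildcard directly beneath it, and nowhere else.
    parts = labels(qname)
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:])
        if encloser in names:
            wild = zone.get("*." + encloser)
            if wild is None:
                return ("NXDOMAIN", [])
            rdata = wild.get(qtype)
            return ("WILDCARD", rdata) if rdata else ("NODATA", [])
    return ("NXDOMAIN", [])  # name is outside the zone in this simplified model

if __name__ == "__main__":
    for q in ("11", "10", "20", "a.20"):
        print(q, lookup(ZONE, q + "." + ORIGIN, "TXT"))
```

The `10` entry is the case the message refers to: it has a PTR record but no TXT record, so a TXT query returns NODATA instead of the wildcard's marking.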
