
Re: [Asrg] 6. Proposals - DNS-based - LMAP and related

2003-12-05 05:04:35
Yakov Shafranovich wrote:
Another LMAP-like variant has been posted as an Internet Draft:

http://www.ietf.org/internet-drafts/draft-stout-antispam-00.txt

Here are my comments on this document, with the text they apply to quoted:

"implementation recommendation" - BCP or STD? Readers should be able to tell from the first line.

   Sender: FQDN (Fully qualified domain name) that is stated
     to be the sender of the e-mail message, as provided via the
     'MAIL FROM' part of the (E-)SMTP dialogue (sender@domain.name).

This definition is not consistent. Is it the MAIL FROM domain part, or is it the mailbox and domain parts?

   Mail servers exchange e-mail with each other by way of the
   (E-)SMTP protocol [1]. For any message to be received, the Receiving
   MTA will acquire the following details during connection setup and
   the SMTP dialogue [2]:

   o   Sending MTA's IP address
   o   Sending MTA's host name
   o   Sender of the message (as provided via the 'MAIL FROM')

The last 2 members of this 3-tuple can be forged. It should read "Sending MTA's claimed host name" and "Claimed sender of the message".

   After an extensive analysis the conclusions to determine if you are
   spammed are:

   1. There can be no conclusion based on the existence of a
      PTR-record for a Sending MTA's IP address.

   2. There can be no conclusion based on a (mis-)match between the
      supplied Sending MTA's host name and the reverse-DNS name (PTR).

   3. There can be no conclusion based on the fact that the Sender's
      e-mail address is valid.

For the first 2, there may not be a direct correlation (no PTR -> SPAM!), but there could be a statistical correlation (no PTR -> SPAM with a 40% certainty), which a statistical filter could take advantage of. As for the third, Hector Santos would beg to differ, as he has shown that some spammers are stupid enough to give MAIL FROMs that do fail return-path validation.

   The solution is to require from all domain names to register ALL
   their mail servers (host names) within the DNS MX records.

   Send-only mail servers MUST also be registered in the MX records,
   and they should be given the lowest possible MX priority (65535).

I don't think this is a new idea; I remember a similar proposal by DJB some time back, although I can't find it now. Additionally, in the ASRG, we have concluded that this would be semantically incorrect, because sending MTAs that predate this standard will attempt to deliver mail to those MXs regardless of the possibility that the message will be rejected explicitly because that MTA rejects outside connections, or assumed rejected by the sending MTA because the receiving MTA didn't accept it at some stage.

I'll not go further now.

Philip Miller


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
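Added example, not code from the draft or from the list: a small Python model of the MX-registration check the draft proposes, under the assumption that the check resolves the MAIL FROM domain's MX hosts and compares them with the connecting IP. The zone data is constructed, and the send-only host sits at preference 65535 as the draft requires; the last function lists the ascending-preference delivery order a pre-standard sender would follow, which is the semantic problem the post points out.

```python
"""Model of an MX-registration sender check and of legacy MX delivery
order. The DNS zone below is constructed for illustration."""
from dataclasses import dataclass

SEND_ONLY_PREF = 65535  # draft: send-only MTAs get the lowest MX priority


@dataclass(frozen=True)
class MX:
    preference: int
    host: str


# Constructed stand-in for DNS lookups: MX records and A records per name.
ZONE_MX = {
    "example.org": [MX(10, "mx1.example.org"), MX(20, "mx2.example.org"),
                    MX(SEND_ONLY_PREF, "out.example.org")],
}
ZONE_A = {
    "mx1.example.org": "192.0.2.10",
    "mx2.example.org": "192.0.2.20",
    "out.example.org": "192.0.2.30",
}


def classify_sending_mta(mail_from, client_ip):
    """Return how the connecting IP relates to the MAIL FROM domain's MX set:
    'receiving' (a normal MX), 'send-only' (the 65535 entry) or 'unregistered'.
    Only the domain part of MAIL FROM is used, so the definition ambiguity
    in the post (mailbox vs. domain) does not affect the check."""
    domain = mail_from.rpartition("@")[2].lower()
    for mx in ZONE_MX.get(domain, []):
        if ZONE_A.get(mx.host) != client_ip:
            continue
        return "send-only" if mx.preference == SEND_ONLY_PREF else "receiving"
    return "unregistered"


def sender_mta_registered(mail_from, client_ip):
    """The draft's yes/no check: any registered MX host passes."""
    return classify_sending_mta(mail_from, client_ip) != "unregistered"


def legacy_delivery_order(domain):
    """Delivery order a pre-standard sender uses: MX hosts in ascending
    preference. The send-only host is tried last, but it is still tried,
    which is the objection raised in the post."""
    hosts = sorted(ZONE_MX.get(domain, []), key=lambda m: m.preference)
    return [mx.host for mx in hosts]
```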


