Today, the only thing in an email that's pretty much guaranteed not to
be forged is the source IP.
If LMAP/MARID becomes widespread, domains (in HELO, 2821 FROM, 2822
From:, etc.) will be like IPs:
They, together will be the only thing in an email that's pretty much
guaranteed not to be forged.
So the next logical question is: are RHSBLs better than what I'll term
"IPBLs" (AKA traditional RBLs/ DNSBLs, i.e. the ones listed at sites
like openrbl.org and moensted.dk)? Or have we just (to make a lame
analogy) replaced a knife whose blade is sharp on the left with one
that's sharp on the right, but we're fighting a tank.
Why or why not?
1)Which is easier to run? use?
2)Which can provide greater opportunity to be more accurate?
(Assuming spammers have already adapted to widespread RHSBL deployment
and use.)
This topic is important for ietf-mxcomp, but not what the Charter says
should be discussed there right now, so I'm posting to the main list.
We don't want to try everything and see what sticks; we want to develop
a plan to achieve ultimate victory in the long term. (Unless we are
part of the industry and don't want the problem resolved once and for all!)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg