
[Asrg] Re: A plea for more hierarchy in DNS

2004-10-21 09:54:14
On Tue, 19 Oct 2004 19:21:32 +0200, Markus Stumpf wrote:

> Exactly what is the difference between typing
>     smtp-out-185
> and
>     185.smtp-out
> Even the number of characters is the same.

and
> If an "admin" cannot handle this he should probably talk to the people
> at AOL or Yahoo or getit or many others that know how to do it right:
>    imo-___.mx.aol.com
>    lsvsm-m__.elist.aol.com
>    web____.mail.in.yahoo.com
>    ____.bulk.scd.yahoo.com
>    nl__.mx.getit.de

Markus, I'm in complete agreement with you; ISPs should corral all their
official mailservers under special subdomains.  However, Jochen appears to
be pointing out a significant disadvantage -- that, absent some
specification, ISPs have implemented their own internal methods of
determining official mailservers, and that they aren't going to change
without a significant reason to do so.  For example, Cox Cable (a big ISP
here in the USA) names its mailservers counter to your scheme, and neither
you nor I alone will prevail upon them to change.

For the counter position to be implemented, list matches have to be done
using regular expressions individualized to the ISP, which, while more
powerful, is time-consumptive.  I like your idea of using less powerful
natural breakpoints (the dots) in the name syntax to help the matching be
done at a lower cost.  As a side effect of your proposal, the techie in
charge of the mailserver does not have to know regular expression syntax
-- your wildcards all start with a dot, and comprise an entire subdomain. 
Your method allows wildcarding to be implemented as substringing.

For example, if you want to know that an aol.com mailserver is "official",
you pattern match its reverse dns to .mx.aol.com or .elist.aol.com.  If
the mail you are scanning is emitted from .ipt.aol.com (aol's customer
domain, and the origin of many Korean spam attacks), you know that the
mailserver is not "official", and you can do what you want.  By the way,
.mx is Mexico, so whatever pattern matching you do, you can't do it on the
root domain.

By the way, my milter implementation of this allows a full domain to match
a wildcard (if the domain fails by substringing based on dot) by adding a
dot to the front of the domain and running an exact-match test.  This
allows people whose DNS is provided by their registrar to not have to
implement DNS themselves until they've grown up a bit, yet to prepare for
it in the milter.  Of course, I myself am small fry and don't have
subdomains (yet).

As a side effect of this discussion, I'm wondering if Caller ID or any of
the other DNS extensions proposed by major vendors make any sense;
protocol changes which require no new software always are preferable to
those that do.  I'm at the end of a DSL line, and my vendor advertises
that it allows everything inbound/outbound, which is really what the
standard SOHO user wants.  To that end, my vendor reverse-DNS's my IP
address, and will probably Caller ID it as well if that becomes the
standard.

Douglas Campbell
doug(_dot_)campbell(_at_)cantspam(_dot_)us

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
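The matching scheme the post describes (dot-led wildcards that name an entire subdomain, checked by suffix rather than by regex, plus the "prepend a dot and exact-match" fallback for a site whose reverse name is the bare domain), written out as an added example. This is not Douglas Campbell's milter code and not part of the thread; the wildcard list and the sample reverse-DNS names are constructed here from the names quoted above, and the `validate_wildcard` rule that rejects a single-label pattern such as `.mx` is my reading of the Mexico caveat, not something the post specifies.

```python
from typing import Iterable, Optional

# Constructed list of "official" mailserver subdomains, modelled on the
# names quoted in the thread (assumption: these are the wildcards a site
# would configure, one per ISP subdomain).
OFFICIAL_WILDCARDS = [".mx.aol.com", ".elist.aol.com",
                      ".bulk.scd.yahoo.com", ".mx.getit.de"]


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot that PTR lookups often return."""
    return name.strip().rstrip(".").lower()


def validate_wildcard(wildcard: str) -> str:
    """Accept only dot-led wildcards naming a registered domain plus at
    least one label above it. A single label like ".mx" would match at
    the root (every host in Mexico), so it is rejected."""
    w = normalize(wildcard)
    if not w.startswith(".") or w.count(".") < 2 or ".." in w:
        raise ValueError(f"wildcard must look like '.sub.example.tld': {wildcard!r}")
    return w


def matches_wildcard(rdns: str, wildcard: str) -> bool:
    """Dot-anchored suffix test, then the bare-domain fallback."""
    name = normalize(rdns)
    w = validate_wildcard(wildcard)
    # Substring test anchored on the dot: the name must end with the
    # wildcard and carry at least one label in front of it, so
    # "notmx.aol.com" does not match ".mx.aol.com".
    if len(name) > len(w) and name.endswith(w):
        return True
    # Fallback: a site with no subdomains yet has a reverse name equal to
    # the domain itself; prepend a dot and require an exact match.
    return "." + name == w


def classify(rdns: str,
             wildcards: Iterable[str] = OFFICIAL_WILDCARDS) -> Optional[str]:
    """Return the wildcard an rDNS name belongs to, or None when the host
    is not one of the official mailservers (e.g. a customer address)."""
    for w in wildcards:
        if matches_wildcard(rdns, w):
            return normalize(w)
    return None


if __name__ == "__main__":
    # Constructed sample reverse-DNS names for a quick demonstration.
    for host in ["imo-m01.mx.aol.com", "MX.AOL.COM.", "user123.ipt.aol.com",
                 "notmx.aol.com", "host.mx.aol.com.example.invalid"]:
        print(f"{host:35} -> {classify(host)}")
```

The suffix test is what makes the check cheap: no per-ISP regular expression, just `endswith` on a lower-cased name. The length comparison is what keeps the wildcard honest (a name equal to the wildcard minus its dot falls through to the exact-match fallback rather than being accepted by accident), and a name that merely contains an official subdomain somewhere in the middle does not match at all.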

