On Tue, Apr 12, 2005 at 08:58:10PM -0400, Seth Breidbart wrote:
Every ISP knows which of its IP addresses hold machines that ought to
be allowed to send email directly outside its network.
I doubt that.
If we give e.g. a /28 to a (business) customer we don't know which IP the
mailserver will be on (if any). I don't think we are different with this regard
to
the majority of all other ISPs.
We get a hint if the customer wants us to set up revDNS and add a RR that points
to a machine named "mail" or "exchange" but sometimes the name is "www" or even
"snoopy".
That's local
knowledge. Nobody has complete and accurate global knowledge.
But that could be made public with MTAMARK ;-)))
Bottom line is, you'll have the same problem convincing people to
block outbound 25 as you will convincing them to implement SPF.
They can do both. But blocking port 25 causes their network to send
me a lot less spam, which gets them fewer complaints and makes their
legitimate email less likely to be blocked. Some networks like that.
And it is *much* easier deployed.
There is a big difference between 5 or 10 rules in 2 to 20 border routers and
SPF lines in some 10K domains and also to the RRs in those domains.
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg