On Jun 25, 2009, at 10:40 AM, J.D. Falk wrote:
Danny Angus wrote:
I tried some time ago to articulate some tests which any proposal
ought
to at least acknowledge, which you can find here..
http://www.killerbees.co.uk/draft-irtf-asrg-criteria-00.html
You may find them helpful.
Nicely done; I think this could be the start of a very useful
document. Any interest in starting up work on it again?
First steps could be:
- update terminology to match draft-crocker-email-arch
- include some examples taken from other RFCs, both successful and
non-
This draft overlooked an important area. It assumes a viable and
scaleable means to identify initial senders when confronting massive
levels of abuse. Simply put, without a two tier approach to abuse
that begins by identifying outbound MTAs, email will not remain
viable. This paper overlooks that need.
- Include a means for efficient and efficacious host name
identification and domain level authorization of systems granting
access for outbound public (non-authenticated port 25) SMTP messages.
Even reverse DNS queries often impose a too great of a burden on
resources due to bot-net related abuse. :^(
Reducing the number of systems that need vetting are best consolidated
by identifying the outbound MTA explicitly signified as providing this
service within the forward facing name space. A means to explicitly
facilitate this function becomes more necessary with increased
inclusion of IPv6 and further growth of bot-nets. Once outbound MTAs
provide stable and specific identifications within the domain name
space, the immediate vetting this allows provides a much needed
reduction on the resource burdens imposed upon SMTP by abuse. These
schemes should also not cause undue burden on DNS either.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg