On Jul 1, 2009, at 7:20 AM, Alessandro Vesely wrote:
John Leslie wrote:
The CSV paradigm is that the operator of a MTA should exercise some
responsibility for what it sends. The HELO string identifies the
MTA (though not necessarily one string exclusively by one MTA), and
the DNS management for that domain-name string states whether that
domain exercises responsibility (and by automatic return of
A)ddress RRs on SRV queries, what IP address(es) that MTA uses).
The link from the MTA to its operator is still missing.
Disagree. Based on our results, when only a few domains publish an IP
address of an Outbound MTA, it is rather safe to assume the domains
represented by verified EHLO information resolve who is administrating
the MTA. When there are many domains, this appears to represent
either MTAs operating behind a NAT, or compromised systems; sometimes
both. It appears to be rare for legitimate Outbound MTAs to change
domain affiliations. From a reputation standpoint, verified EHLO
information offers stable identifiers in which to effectively and
efficiently manage email abuse. This method should scale since it
establishes management hierarchy.
To this end, I'd prefer the use of a domain name. One reason is that
large ESPs have many MTAs that can be used interchangeably. In
addition, the person responsible for an MTA is not always
identifiable (in Italy, the mandate to state who are the sysadmins
of an MTA is being procrastinated every few months, since November
2008.) By contrast, domain registrants often have whois records
pointing to them.
While larger ISPs are likely to have a few hundred outbound MTAs, they
represent a very small percentage of overall legitimate Outbound
MTAs. Larger ISPs likely represent less than a few hundred thousand
Outbound MTAs, over several million other legitimate MTAs. A
reputation system might replace the existence of CSV records, however
initial acceptance and tracking can be improved by the presence of
CSV records. Being able to identify legitimate Outbound MTAs reduces
the vetting of hundreds of millions of domains associated with Mail
From or PRAs, where each domain likely covers massive address lists.
Legitimate Outbound MTA domains will resolve to a small set of
addresses each.
Efforts to combine the addresses used by a domain are
counterproductive when it comes to resolving problems, or when dealing with
initial SMTP connections. When it comes to SMTP, direct relationships
involve less overhead which improves efficacy and efficiency to the
point of perhaps permitting use of IPv6.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
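
The heuristic described in the message above, sketched as an added example (not code from the thread or from any CSV implementation): an EHLO name counts as verified when its published addresses include the connecting IP, and each IP is then classified by how many distinct verified names it has presented. The sample data, the function names and the `MANY` threshold are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed data. PUBLISHED stands in for the addresses a domain's DNS
# returns for an EHLO name; SESSIONS is (client IP, EHLO name offered).
PUBLISHED = {
    "mx1.isp.example": {"192.0.2.10", "192.0.2.11"},
    "mail.shop.example": {"198.51.100.7"},
    "a.example": {"203.0.113.5"}, "b.example": {"203.0.113.5"},
    "c.example": {"203.0.113.5"}, "d.example": {"203.0.113.5"},
    "mail.bank.example": {"198.51.100.99"},
}
SESSIONS = [
    ("192.0.2.10", "mx1.isp.example"), ("192.0.2.11", "MX1.isp.example."),
    ("198.51.100.7", "mail.shop.example"),
    ("203.0.113.5", "a.example"), ("203.0.113.5", "b.example"),
    ("203.0.113.5", "c.example"), ("203.0.113.5", "d.example"),
    ("203.0.113.77", "mail.bank.example"),  # name does not publish this IP
]
MANY = 4  # assumed cut-off; the message only says "a few" versus "many"

def normalize(name):
    """Case-fold the name and drop a trailing root dot."""
    return name.lower().rstrip(".")

def ehlo_verified(ip, ehlo, published=PUBLISHED):
    """True when the EHLO name's published addresses include the client IP."""
    return ip in published.get(normalize(ehlo), set())

def classify(sessions, published=PUBLISHED, many=MANY):
    """Map each client IP to 'unverified', 'stable' or 'many-domains'."""
    names = defaultdict(set)
    for ip, ehlo in sessions:
        names[ip]  # register the IP even if nothing verifies
        if ehlo_verified(ip, ehlo, published):
            names[ip].add(normalize(ehlo))
    verdict = {}
    for ip, verified in names.items():
        if not verified:
            verdict[ip] = "unverified"
        elif len(verified) >= many:
            verdict[ip] = "many-domains"  # NAT or compromised host, per the message
        else:
            verdict[ip] = "stable"  # usable as a reputation identifier
    return verdict

if __name__ == "__main__":
    for ip, v in sorted(classify(SESSIONS).items()):
        print(ip, v)
```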