ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] SPF's helo identity as a reporting target

2012-05-13 14:55:16
from [Chris Lewis] [Permanent Link] 
On 12-05-13 02:40 PM, Alessandro Vesely wrote:

On Sun 13/May/2012 20:13:44 +0200 Chris Lewis wrote:

On 12-05-13 01:21 PM, Alessandro Vesely wrote:

That seems to imply that it is necessary to use scripts to keep helo
names, IP addresses, and SPF in sync.  Would that be worth?


The reality is going to be is that since it relies on SPF to be valid,
few people would bother implementing it on the sending side, and there
will be more than enough people ignoring the requirement to SPF verify
before trusting it, that kabooms! will still happen.


So it would be an error-prone technique?  We are talking about
/postmasters/ extracting target addresses for abuse reporting, not end
users.  Shouldn't that imply some knowledge?


It should.  But it doesn't.


SPF records are going to sport a new ra= modifier, specifying an
address for reporting authentication failures, not abuse.  That may
bring further confusion, in fact.


Right.

As one said "the best thing about standards is that there's so many to
choose from" ;-)


There are other ways of doing this that doesn't require ancillary gunk
like SPF. There's at least one IP-based DNSBL that yields the same data.


Which one do you mean?  DNS lists like abusix get their data from
RIRs' whois databases.


That's an implementation detail.  There's no reason that they'd _have_
to.  Mine doesn't rely on whois for responsible domain or abuse contact.
 While it does the published RIR maps for allocations and countries, it
does no whois queries.

abuse.net's doesn't use whois for anything.  I don't think Cymru's or
Mynetwatchman's does.

It's _very_ hard to get domains from whois in an even remotely "global
sense", let alone abuse addresses.


In that case, virtual MTA providers would have
to restrict their choice of network providers based on proper
management of whois records, besides cost, bandwidth, uptime, support, ...


"Proper management" of IP whois records is probably coming as unlikely
as it seems, so another reason for it wouldn't hurt.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] SPF's helo identity as a reporting target, Alessandro Vesely
Next by Date:  Re: [Asrg] SPF's helo identity as a reporting target, Chris Lewis
Previous by Thread:  Re: [Asrg] SPF's helo identity as a reporting target, Alessandro Vesely
Next by Thread:  [Asrg] Reporting targets, was SPF's helo identity as a, Alessandro Vesely
Indexes:  [Date] [Thread] [Top] [All Lists]