ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] RE: I think we can punt the hard stuff as out ofscope.

2007-06-06 07:46:08
from [Hector Santos] [Permanent Link] 

I don't think so. This is NOT standard practice.
Now, if you said no CNAME and A records, otherwise a PURE NXDOMAIN, then yes, there is a growth in these types of ANTI-SPAM techniques.
We do it ourselves in our WCSAP package with includes CBV. If there is no MX/CNAME/A, the transaction is rejected with a 45x.
This works nicely with a similar GREYLISTING effect because the BAD GUYS do not try again. The GOOD GUYS do have legitimate setup.
Finally, in the past week we been helping a new customer and he didn't have his MX record setup and he still doesn't as of today.
The fact that we been communicating back and forth via our support email channel means that the A record fallback is STILL an EXPECTED standard in SMTP. If we used this MX only idea, we would never be able to communication with him.
Anyway, I'm not saying you can't use this technique as part of a total ANTI-SPAM concept, but that it shouldn't be part of the SSP concept. 

--
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:

A friend with a small local mail server that ONLY sent out good,
legitimate mail was blocked by almost everyone for lack of an MX record.
Old days are gone.






thanks

Bill Oxley
Messaging Engineer
Cox Communications
404-847-6397
-----Original Message-----
From: Hector Santos [mailto:hsantos(_at_)santronics(_dot_)com] Sent: Wednesday, June 06, 2007 8:16 AM 
To: Douglas Otis
Cc: Oxley, Bill (CCI-Atlanta); IETF DKIM WG
Subject: Re: [ietf-dkim] RE: I think we can punt the hard stuff as out
ofscope.

Douglas Otis wrote:

A single policy record placed adjacent to the domain's MX record could
be sufficient. This would eliminate domain transversals or wildcard search mechanisms. However, this approach creates a need to obsolete the use of just A records as an SMTP server discovery/confirmation method. Once an A record discovery/confirmation has been obsoleted, then messages might not be accepted when the email-address domain is
not 
confirmed by the existence of an MX record.


Doug,

The MX/CNAME/A discovery process is long established process and part of
the SMTP standard for millions of systems world wide, not just the Fortune 10, 500, 1000 or 10,000, and it includes legitimate systems with 

no MX records but with a CNAME or A record.

And you want to change this long established methodology for SSP
purposes?

You're kidding right?





_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] lets add one more shall we?, Bill.Oxley
Next by Date:  Re: [ietf-dkim] RE: I think we can punt the hard stuff as out ofscope., Hector Santos
Previous by Thread:  RE: [ietf-dkim] RE: I think we can punt the hard stuff as out ofscope., Bill.Oxley
Next by Thread:  Re: [ietf-dkim] RE: I think we can punt the hard stuff as out ofscope., Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]