One of the biggest objections to LMAP is that spammers can register
domains, and publish fake LMAP information for "owned" machines. In
this situation, LMAP does nothing to stop, or even slow down, the
flood of spam.
This was acknowledged a long time ago. What LMAP does in this case is
demonstrate who's accountable. If a spammer wants to register a domain under
increasingly strict identification rules and risk being held accountable, let
him. We can then blacklist the domains.
The idea is to (ab)use rDNS, and to publish LMAP records there,
too. One of the key records to publish is which domains are permitted
to publish LMAP records for this IP. Or, the information could be
which DNS servers are allowed to publish LMAP records for this IP.
MTAMARK does this.
Problem: Small ISPs and small to medium enterprises don't control rDNS.
North American ISPs are LAZY in this regard. [1] They won't use RFC 2317 and
in many cases won't bother changing PTR records for you, never mind add new
records to their rDNS zones.
[1] This comes from ten years consulting experience. Experiences on
non-North-American ISPs, anyone?
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>