Gordon Fecyk wrote:
One of the biggest objections to LMAP is that spammers can register
domains, and publish fake LMAP information for "owned" machines. In
this situation, LMAP does nothing to stop, or even slow down, the
flood of spam.
This was acknowledged a long time ago. What LMAP does in this case is
demonstrate who's accountable. If a spammer wants to register a domain under
increasingly strict identification rules and risk being held accountable, let
him. We can then blacklist the domains.
The idea is to (ab)use rDNS, and to publish LMAP records there,
too. One of the key records to publish is which domains are permitted
to publish LMAP records for this IP. Or, the information could be
which DNS servers are allowed to publish LMAP records for this IP.
MTAMARK does this.
Problem: Small ISPs and small to medium enterprises don't control rDNS.
North American ISPs are LAZY in this regard. [1] They won't use RFC 2317 and
in many cases won't bother changing PTR records for you, never mind add new
records to their rDNS zones.
I'm sure it's bad enough for high-cost commercial customers, such as you
mentioned, but consider the more extreme case of MTAs running on home
cable/DSL lines. My MTA is such a system, and it is set up to relay
everything through my provider's 'smarthost'. However, I don't want any
other customer of my provider to be able to forge my domain. I've still not
seen any design that handles this. If someone could enlighten me, I would
greatly appreciate it.
[1] This comes from ten years consulting experience. Experiences on
non-North-American ISPs, anyone?
From what I've heard, RIPE is slow in even properly assigning the namespace
to the current owner, let alone the owners keeping it up to date.
Philip Miller