ietf-mxcomp

Re: Deficiencies in LMAP

2004-03-04 11:08:15

On Thu, Mar 04, 2004 at 09:48:46AM -0800, Hallam-Baker, Phillip wrote:
> One nit. The big weakness I see in MTAMARK is that the idea
> is proscriptive, these IP addresses are not allowed to send email.
> I think that is completely inappropriate. Don't tell the
> receiver what to do, don't even try. Just tell the facts
> and let others make what use of them they may.

MTAMARK is not telling anyone what they have to do. It's a way for
admins that control an IP range to tell others:
    this IP /is not/ intended to run a sending MTA
or
    this IP /is/ intended to run a sending MTA
The "controlling" authority can either be an ISP or a customer of
an ISP to whom the block was allocated.

When doing abuse management and talking to customers on the phone, I often hear
"this host should not send messages out, it's a workstation of a
secretary". Now these customers have a way to tell this fact to all
MTAs in the world. What these MTAs do with this information is up to
them.

With the current MTA proposal it is not possible to use wildcard DNS
entries for marking, so we propose that the MTA=no records should not be
needed in the long term but only MTA=yes records would be needed, and
so the default for "no record" should be "MTA=no".

If all ISPs in the world prefixed their dummy rDNS entries for
dialup customers with
    dialup-1.2.3.4.*
or even used some CIDR notation like
    dialup-125.13/24.1.10.isp
thus telling others that
    10.1.13/24
is a dialup net, classification would be even easier and less error
prone than DUL DNSBLs.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
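
The CIDR-style rDNS naming idea from the message above, sketched as a receiver-side parser. This is an added example, not part of the original post or of any MTAMARK draft; the label grammar (`dialup-` prefix, reversed octets, one `/len` suffix) is an assumption extrapolated from the single sample name `dialup-125.13/24.1.10.isp`, and `classify_ptr` is a hypothetical helper.

```python
import ipaddress
from typing import Optional

PREFIX = "dialup-"  # marker prefix used in the message's sample names


def classify_ptr(client_ip: str, ptr_name: str) -> Optional[ipaddress.IPv4Network]:
    """Return the dialup network a PTR name announces, if it covers client_ip."""
    name = ptr_name.rstrip(".").lower()
    if not name.startswith(PREFIX):
        return None
    labels = name[len(PREFIX):].split(".")
    if len(labels) < 5:  # four octet labels plus at least one domain label
        return None
    octets, prefix_len = [], None
    for label in labels[:4]:
        if "/" in label:
            if prefix_len is not None:  # only one prefix length may appear
                return None
            label, _, plen = label.partition("/")
            if not (plen.isascii() and plen.isdigit()) or int(plen) > 32:
                return None
            prefix_len = int(plen)
        if not (label.isascii() and label.isdigit()) or int(label) > 255:
            return None
        octets.append(int(label))
    if prefix_len is None:  # plain "dialup-1.2.3.4.*" form carries no network
        return None
    # Octets appear in reversed order in the sample name (assumption).
    host = ipaddress.IPv4Address(".".join(map(str, reversed(octets))))
    try:
        client = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return None
    if host != client:  # the name must describe the connecting address itself
        return None
    return ipaddress.ip_network(f"{host}/{prefix_len}", strict=False)


if __name__ == "__main__":
    # Constructed samples: (connecting IP, PTR name returned for it)
    samples = [
        ("10.1.13.125", "dialup-125.13/24.1.10.isp"),
        ("10.1.14.125", "dialup-125.13/24.1.10.isp"),  # name/IP mismatch
        ("10.1.13.125", "mail.example.net"),           # unmarked host
    ]
    for ip, ptr in samples:
        print(ip, ptr, "->", classify_ptr(ip, ptr))
```

The result is only a classification fact; whether to score, defer or accept mail from a marked network stays with the receiving MTA's own policy.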

