"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:
Mere control of the reverse DNS for an IP address is not normally considered
to entail the 'right' to dictate the uses to which the address can be put.
No... but also historically, there has been a strong correlation
between the people "owning" the IP, and the people administering rDNS
for that IP. When they are the same people, it's logical to publish
expected use information in rDNS.
There's no concept of "dictation", then, as people can't dictate
terms to themselves.
We can even do away with the 'sender policy' confusion altogether
if we instead think of the information in the forward DNS as a
description of the mail configuration of the outgoing mail
servers.
That's probably a better description of the data.
Another advantage of the 'its just a description' point of view is
that we separate concerns. The sender is not doing authorization,
they are simply providing information to the recipient.
In my view, "authorization" means an active role in the process.
"Policy" is a static description of how the active authorization
should proceed.
So the sender publishes authorization policy in DNS, and the
recipient applies that policy to perform the authorization action.
Alan DeKok.