ietf-mxcomp

Re: Input on identities

2004-04-07 10:34:38

On Wed, Apr 07, 2004 at 11:49:39AM -0500, Pete Resnick wrote:
> Many sites don't own records in the reverse space for their IP addresses,

Then we should question why this is so and if it is needed or if it
can be handled by their ISP as well.
And we should also question why ISPs don't handle the revDNS any more.
And managing revDNS will probably be less work than to add LMAP type
records to all zones of all customers.

> but do own the forward domain records. I'd much rather see a
> situation in which everyone has the ability to publish information
> about which machines are expected to be MTAs or their domain instead

And the drawback is that spammers can still use their networks of
cracked (mainly) dialin/DSL machines by publishing appropriate information
for their rogue zones and use them to spit out spam, just like they do now.

Then we need another (DNS based?) accreditation system telling us what
zones are good and what are bad and all we gained is to split the
problem to more than one DNS based system, one that publishes
information the domain owner inserts and others (centralized) that
publish information on how trustworthy the published information in the
domain records is.

IP based lists are very simple, as they tell "the owner of the IP space
thinks this IP hosts a MTA that should be sending messages across the Internet".
What each validator does with that information is up to him.
If some ISPs don't handle revDNS for their customers then the market
will kill those ISPs or they will handle revDNS for their customers.

The situation where IP based lists will not work is for MTAs on dynamic
address space. The question is whether we should encourage hosting
MTA on dynamic address space with regard to stability and the spam
problems we encountered over the last decade. In Germany e.g. data
protection laws prohibit that ISPs store connection data for flat
rates as the data may only be stored for accounting purposes and with
a flat rate this is not needed.

My fear is that LMAP style authorization mainly helps big sites to
be protected from joe jobs, but joe-loser.org who doesn't even know what
an IP address is will be helpless and spammers will shift from big mail
service providers to zillions of small domains without LMAP. The overall
win will be zero for a very long time.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

