ietf-mxcomp

Re: Input on identities

2004-04-08 10:05:21


Markus Stumpf wrote:

On Wed, Apr 07, 2004 at 06:41:54PM -0600, Doug Royer wrote:
The same problem is for static DSL or dial-up IP addresses. How much effort will your ISP put into verifying that you have the right to do a reverse push of home.example.com?
None in most cases. So the reverse DNS will not match the forward.

This is a problem of the ISP. This is not an unsolvable problem.
If your ISP doesn't manage revDNS records, get one that does. Problem
solved.

Most ISPs will not push reverse DNS entries for domains where they are not
the primary DNS because they can not verify you have the right to use
that domain without some labor cost to them, so they do not do it.

Co-hosted systems may use their own MTA and DNS. Or your DNS and their MTA,
or your MTA and their DNS, or some 3rd party MTA or DNS. There is no way
to control that. The reason people co-host is to co-locate, high availability (UPS or
whatever) and they are using your IP addresses.

What do I care?
If they use our MTA there is no problem at all, as fwdDNS and revDNS
for mail.space.net match perfectly and I see no reason why they
shouldn't.

If they use your MTA - yes it is traceable to your MTA.

If they use their own DNS and their own MTA it's within their own
responsibility to have a correct setup. If they fsck up the A record
for their www entry it is also their problem not that of anyone else.

However the ISP owns the IP space, so they can not push the reverse map
and the ISP can not push the forward map. What would keep them in sync?
This is why I say it is not manageable.

If the reverse map points to bogus.com and I own the IP space, guess
where the complaints go? It still goes to the IP owner. Nothing changes,
nothing that I can see is gained.

We do, and managing revDNS is no problem.

For co-hosting systems at your site that use their own MTAs? Are they correct?

What do I care? The customers tell us what PTR record they want for
IP space owned by them and we add them or delegate the block so they can
manage it their own. If we add them we take care they are syntactically
correct, the semantics is up to the customer.

Back to my other question. Are they all correct all of the time?
Or do you just take their word for it?
Have they ever forgotten to tell you of a change?

My experience is 'no, no, yes'.

If you do not know if they are correct, then that is the same problem as now which is they do not match.

Which is a problem of the customer. If he sends us wrong information
it's his problem if things don't work like he expects.

No it's not, if I own the IP space - I get the spam complaints, not them. The spammers want it that way. All they would have to do is not tell me they have their own MTA and I still get the complaints and have to figure it out. What is gained without some
kind of MTA or From: validation?

If they use a DNS server that is not yours,
you can not automatically check. They could drop host2.example.com and
replace it with mx2.example.com and you would never know. You would
just know that they still used that IP.

It is not within the responsibility of the ISP to ensure that it is
correct if it is customer allocated IP space.

That has labor costs - many say 'no'.

But the ISP has to provide
the possibility for the customer to have the PTR records they want for
the IP space allocated to them.

They do not have to provide it, and many do not. They point them to themselves
and do not want to hire someone to manage the reverse DNS maps.

And if they want to have  mail.example.com  they get it and example.com
may sue them if they don't like it.

Too late, the spam was sent because they did not tell you, ran their own MTA.
Paid their bill and left. Now the ISP has the headache - what changed?

Okay there is a tool. What if they do not use it?

It is their problem.

No it is the ISP's problem. So again that is the way it is now, what is gained?

...

--

Doug Royer                     |   http://INET-Consulting.com
-------------------------------|-----------------------------
Doug(_at_)Royer(_dot_)com                 | Office: (208)520-4044
http://Royer.com/People/Doug   | Fax:    (866)594-8574
                              | Cell:   (208)520-4044

             We Do Standards - You Need Standards


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
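
The reverse/forward agreement debated in this message can be audited mechanically. The following is an added example, not part of the original e-mail: a forward-confirmed reverse DNS check run over constructed records, where the PTR data stands for the ISP-managed reverse zone and the forward data for a customer-run zone. All host names, addresses and function names are assumptions made for the illustration.

```python
# Added example: forward-confirmed reverse DNS (FCrDNS) audit on constructed data.
# Zones are plain dicts so the check runs offline; nothing here queries real DNS.

def fcrdns(ip, ptr_zone, fwd_zone):
    """Classify one IP as 'match', 'no-ptr', 'no-forward' or 'mismatch'."""
    names = ptr_zone.get(ip, [])
    if not names:
        return "no-ptr"                      # ISP publishes no reverse entry
    any_forward = False
    for name in names:
        addrs = fwd_zone.get(name.rstrip(".").lower(), [])
        if ip in addrs:
            return "match"                   # PTR name resolves back to the IP
        any_forward = any_forward or bool(addrs)
    # The PTR name either no longer exists, or exists but points elsewhere.
    return "mismatch" if any_forward else "no-forward"

def audit(ips, ptr_zone, fwd_zone):
    """Return {ip: status} for every address in an allocated block."""
    return {ip: fcrdns(ip, ptr_zone, fwd_zone) for ip in ips}

# Constructed reverse zone, as the IP owner would publish it.
PTR = {
    "192.0.2.10": ["mail.isp.example."],
    "192.0.2.20": ["host2.example.com."],    # entered once, never updated
    "192.0.2.30": ["mail.example.com."],     # name requested by the customer
}

# Constructed forward data, controlled by whoever runs each domain.
FWD = {
    "mail.isp.example": ["192.0.2.10"],
    "mx2.example.com": ["192.0.2.20"],       # host2 was dropped and replaced
    "mail.example.com": ["198.51.100.5"],    # real owner points it elsewhere
}

BLOCK = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"]

if __name__ == "__main__":
    for ip, status in audit(BLOCK, PTR, FWD).items():
        print(f"{ip:<12} {status}")
```

Against live DNS the two dictionaries would be replaced by lookups such as `socket.gethostbyaddr` and `socket.getaddrinfo`; the classification logic stays the same.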
