What security assurances do we get from this that would not
be available if we, say, added a message header "NotSpam: True"?
Such a system would work fine till enough people used it to
make it worthwhile to forge.
-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of John Levine
Sent: Wednesday, May 12, 2004 1:16 AM
To: ietf-mxcomp(_at_)imc(_dot_)org
Cc: matthew(_at_)elvey(_dot_)com
Subject: Do it yourself CSV
Can a spammer set up a domain and rDNS with records under the spec and
spoof From: yes, for all the extant I-Ds, including this one, and C-ID,
BUT not for long - the domain will get blacklisted PDQ.
Is a spammer forced to use a domain set up with records that specify its
authorized MTAs: yeah.
If anyone would like to try out CSV, for your convenience I've set up
DNS that will let you use any host anywhere for 100% CSV compliant
mail. If your host is at IP address 11.22.33.44, merely have it HELO
or EHLO as 11-22-33-44.csv.services.net. Viz:
$ dig 11-22-33-44.csv.services.net any
; <<>> DiG 8.3 <<>> 11-22-33-44.csv.services.net any
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46829
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; 11-22-33-44.csv.services.net, type = ANY, class = IN
;; ANSWER SECTION:
11-22-33-44.csv.services.net. 12H IN A 11.22.33.44
$ dig _client._smtp.11-22-33-44.csv.services.net srv
; <<>> DiG 8.3 <<>> _client._smtp.11-22-33-44.csv.services.net srv
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60262
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; _client._smtp.11-22-33-44.csv.services.net, type = SRV, class = IN
;; ANSWER SECTION:
_client._smtp.11-22-33-44.csv.services.net. 11h58m52s IN SRV 1 0 25 11-22-33-44.csv.services.net.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
http://www.taugh.com
PS: If anyone is wondering how I got eight billion different DNS
records into the csv.services.net zone, I did it in perl.
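
Added example, not part of the thread or of any CSV implementation: a simplified receiver-side check built only from the two records in the dig output above, with a constructed in-memory resolver standing in for DNS. It shows that the name-to-address check passes for any host under such a zone, so the accept decision rests on the reputation of the authenticated domain; the function names and the blocklist are assumptions.

```python
import ipaddress

ZONE = "csv.services.net"  # zone named in the message

def helo_name_for(ip):
    """11.22.33.44 -> 11-22-33-44.csv.services.net, as the message describes."""
    return str(ipaddress.IPv4Address(ip)).replace(".", "-") + "." + ZONE

def wildcard_resolver(qname, qtype):
    """Constructed stand-in for DNS: answers like the dig output, for any address."""
    name = qname.rstrip(".").lower()
    if qtype == "SRV":
        prefix = "_client._smtp."
        host = name[len(prefix):]
        if not name.startswith(prefix) or wildcard_resolver(host, "A") is None:
            return None
        return (1, 0, 25, host)  # priority, weight, port, target as shown above
    if qtype == "A" and name.endswith("." + ZONE):
        label = name[: -len(ZONE) - 1]
        try:
            return str(ipaddress.IPv4Address(label.replace("-", "."))) if "." not in label else None
        except ValueError:
            return None
    return None

def csv_style_check(client_ip, helo, resolve):
    """Simplified check (assumption, not the full CSV spec): an SRV record exists
    at _client._smtp.<helo> and its target's A record is the connecting address."""
    srv = resolve("_client._smtp." + helo, "SRV")
    if srv is None:
        return False
    return resolve(srv[3], "A") == str(ipaddress.IPv4Address(client_ip))

def receiver_decision(client_ip, helo, resolve, blocked_domains):
    """Authentication only binds the HELO name to the address; the accept or
    reject decision comes from the reputation of the authenticated domain."""
    if not csv_style_check(client_ip, helo, resolve):
        return "reject: HELO name not authenticated"
    name = helo.rstrip(".").lower()
    if any(name == d or name.endswith("." + d) for d in blocked_domains):
        return "reject: authenticated domain is blocklisted"
    return "accept"

if __name__ == "__main__":
    for ip in ("11.22.33.44", "203.0.113.9"):  # constructed sample clients
        helo = helo_name_for(ip)
        print(ip, helo, csv_style_check(ip, helo, wildcard_resolver),
              receiver_decision(ip, helo, wildcard_resolver, {ZONE}))
```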