On 5/12/04 at 2:21 PM -0400, John Leslie wrote:
> MAIL-FROM does not mean that the email "purports to be from" that domain.

As I said to Dave, I don't think it does and that was not the
intention. I will rewrite without using those words if folks continue
to find this too confusing.

>> that receiver will request MARID records from that domain.
>
> "That domain" is rather too poorly defined. If we are going to check
> based on the right-half of an email address, I believe we need an
> algorithm to check first the entire right-half, followed by checks
> of super-domains of that until we reach a generic limit

This is on the syntax/semantics border. For instance, if we use a
scheme that allows for wildcards in the DNS, the "algorithm" is built
into the DNS query. On the other hand, I don't think it's appropriate
to run up the tree unless that's what's intended by the domain
administrator.

> - known-good
> - believed-good
> - unknown
> - believed-bad
> and I strongly recommend we keep those four sets. (Pete has combined
> the second and third, and listed neither.)

Actually, I think I may have combined the first two. But either way,
I view the algorithm as checking for membership in legit and illegit,
and did not mention unknown because it is simply the complement of the
union of the other two. (A very boring set indeed.)

>> The receiver can then check the IP address of the sending SMTP
>> client for membership in those sets and decide the appropriate
>> disposition of the mail.
>
> This is an arbitrarily large amount of work for the receiver.

As I said in an earlier message, the check could be short-circuited
in practice.

> I would greatly prefer that we make the DNS query ask which set a
> particular IP address belongs to.

The DNS is not exactly set up to handle a tuple query (i.e., query a
domain-name/ip-address pair to get an answer). I'm suspicious about
whether this is workable.

> - MARID level (probably <integer>.<integer> )

Seems like overkill to me.

> - list of reputation services

I'd like to see that in a separate record if we need it.

> - some mechanism to list identities subject to policy

I'm not sure what that means.

pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
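
The receiver-side check debated in this message, sketched as an added example (not code from either poster or from any MARID draft): it tests the sending client's IP against the published sets, stops at the first match, treats "unknown" as the complement, and only walks up to super-domains when told to. The record layout, the `walk_up` flag, the `min_labels` stand-in for the "generic limit", and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (not real MARID records): domain -> set name -> networks.
RECORDS = {
    "example.com": {
        "known-good": ["192.0.2.0/28"],
        "believed-good": ["198.51.100.0/24"],
        "believed-bad": ["203.0.113.0/24"],
    },
}
# Sets are tested in this order; the first match ends the check (short-circuit).
SET_ORDER = ("known-good", "believed-good", "believed-bad")


def candidate_domains(domain, min_labels=2):
    """Yield the entire right-half first, then each super-domain.

    min_labels is an assumed stand-in for the "generic limit" in the thread.
    """
    labels = domain.lower().rstrip(".").split(".")
    for i in range(0, len(labels) - min_labels + 1):
        yield ".".join(labels[i:])


def classify(domain, client_ip, records=RECORDS, walk_up=False):
    """Return (set_name, matched_domain) for the sending SMTP client's IP.

    "unknown" is never stored: it is the complement of the union of the
    listed sets. walk_up models a domain administrator opting in to
    super-domain lookups; by default only the exact domain is consulted.
    """
    ip = ipaddress.ip_address(client_ip)
    names = candidate_domains(domain) if walk_up else [domain.lower().rstrip(".")]
    for name in names:
        policy = records.get(name)
        if policy is None:
            continue  # nothing published at this name, try the next candidate
        for set_name in SET_ORDER:
            for net in policy.get(set_name, ()):
                if ip in ipaddress.ip_network(net):
                    return set_name, name
        # Assumption: the most specific published record is authoritative.
        return "unknown", name
    return "unknown", None
```
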