ietf-mxcomp

RE: Wide-Open MADRID

2004-06-02 04:01:20

 The quote you established as the basis for the discussion was argued
against by your own words in the next paragraphs.
How are you going to confirm that the peer MTA is who they say they are
if both of them are spammers and both use 0/0?
Rhetorical question... because the answer is: You can't.

Better yet, if you use 0/0, it is somewhat like an open-proxy. You are
giving permission to anyone on the internet to spoof your domain. Who
would want to do THAT? 
Another rhetorical question: Spammers and anyone else who wishes to
spoof for one reason or another.

 Like I said in the past, I am sure that legitimate domains will not use
0/0. My concern is that 'spammer A' can use 'spammer B's' domain name if
they both post a record of 0/0. Why is THIS bad? Because I can generate
an infinite number of domain names and still be able to use any IP
segment I want... Unless of course, that IP segment belongs to a
conscientious admin. I believe that there are a lot more IP segments
owned out there by spammers than conscientious admins.

 The propeller heads can't seem to understand WHY this is a BAD thing
and choose to argue for argument's sake.

 We have a unique and exciting opportunity to finally DO something about
spam. But y'all are taking the roots out. You're weakening it, watering
it down, making exceptions for bad behavior. What you will end up with
is a useless spec that does nothing that it was intended to do
because nobody will use it... Why?! Someone should run for Congress.

 I would love to see a real-world example of where 0/0 would be used
legitimately. But we can't disallow it via RFC because it would hurt too
many feelings and make too many spammers mad.

 "Perhaps I'm a spammer", >> Exactly my point

 "perhaps I have lots of roaming users and can't be bothered fixing my
system" >> another point made.

 "even if no mail ever comes from the vast majority of those IPs" >> and
another.

 Make this a strong RFC and the information that you provide me will be
definite and not wishy-washy.

 As far as best practices go... I will be tossing everything that
exceeds /24 with a few exceptions.
 Just because someone is a lazy admin will not sway me to add them to my
exceptions list.

Regards,
Damon Sauer


 


Damon: 
The whole purpose of MADRID is to keep mailers from 'spoofing' where 
they are coming from. It should not allow you to "publish whatever I 
like" it should REQUIRE you to publish the most accurate data 
describing your system.

No. The primary current use case for MARID is to "to allow recipient
MTAs to confirm that peer MTAs' actions are authorized by specific
domains or networks"  

Say I, as a *domain*, using some kind of 'forward' MARID, authorise
*any* MTA to act on my behalf. Perhaps I'm a spammer, perhaps I have
lots of roaming users and can't be bothered fixing my system. This is my
policy.

I say 0/0

This is the statement I wish to make. MARID must allow me to make a true
statement of my policy.

"What I like", i.e. what my *policy* *is*, is by definition the "most
accurate data", even if no mail ever comes from the vast majority of
those IPs.

If I'm required to make a false statement of my policy, or no statement,
*You* (the receiver) lose some information. I'm surprised that you'd
wish to throw this information away, I'd think that you could use it to
help decide to throw my mail away.
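
The disagreement above, written out as receiver-side logic (an added example, not part of either message or of any MARID draft): it classifies a connection against the IPv4 ranges a domain publishes, treats a 0/0 record as proving nothing about the sender, and applies the /24 cut-off mentioned in the message. The function names, verdict labels, exception set and sample records are assumptions constructed for illustration.

```python
import ipaddress

MAX_PREFIX = 24  # assumption: receiver threshold, from "exceeds /24" in the message


def parse_range(text):
    """Parse an IPv4 CIDR, accepting shorthand such as '0/0' or '192.0.2/24'."""
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))  # pad '0' -> '0.0.0.0'
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)


def evaluate(domain, client_ip, published, exceptions=frozenset()):
    """Classify a connection against the ranges a domain publishes.

    Returns 'wide-open', 'too-broad', 'authorized' or 'unauthorized'.
    """
    ip = ipaddress.ip_address(client_ip)
    nets = [parse_range(r) for r in published]
    # A 0/0 entry authorizes every address, so a match says nothing about who
    # is sending. In this example the exception list does not override that.
    if any(n.prefixlen == 0 for n in nets):
        return "wide-open"
    matches = [n for n in nets if ip in n]
    if not matches:
        return "unauthorized"
    # Judge the record by the narrowest range that covers the client.
    narrowest = max(matches, key=lambda n: n.prefixlen)
    if narrowest.prefixlen < MAX_PREFIX and domain not in exceptions:
        return "too-broad"
    return "authorized"


# Constructed sample records (documentation address space, .example domains).
RECORDS = {
    "spammer-a.example": ["0/0"],
    "spammer-b.example": ["0/0"],
    "corp.example": ["192.0.2.0/24"],
    "lazy.example": ["198.51.0.0/16"],
}

if __name__ == "__main__":
    for dom, ip in [("spammer-a.example", "203.0.113.9"),
                    ("spammer-b.example", "203.0.113.9"),
                    ("corp.example", "192.0.2.10"),
                    ("corp.example", "203.0.113.9"),
                    ("lazy.example", "198.51.100.7")]:
        print(dom, ip, evaluate(dom, ip, RECORDS[dom]))
```

The same client address gets the same "wide-open" verdict under both 0/0 domains, which is the indistinguishability the message objects to, while the verdict itself is the extra information the quoted reply says a receiver can act on.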







