On 6/1/2004 9:42 AM, Greg Connor sent forth electrons to convey:

I would suggest to write this up as a suggestion/best practice rather
than a requirement. I think it will get more support that way. For
example:

Yes, this is what we should do.

Publishers SHOULD limit the size of the cidr ranges to no larger than
the ARIN netblock corresponding to the ASN it is in. If the publisher
wishes to allow multiple ASNs to send mail, they should be listed
individually.

Receivers MAY reject a MARID record that is "too permissive" according
to the receiver's policy. For example, a MARID record that allows an
IP range larger than the ASN at the start of the range may be deemed
too promiscuous. If the MARID record doesn't meet minimum standards
of acceptability set by the receiver, the receiver may choose to
ignore the record and proceed with normal non-MARID processing.

Wouldn't a likely implementation that did this result in ARIN et al.
getting slammed with zillions of queries? If we do propose something
like this for BCP, we should state how to do it so that it doesn't DDoS the
IP registries.

Perhaps stating that prefixes larger than /16 (for IPv4) are likely to
be considered "too permissive" is good enough. I think that's a small
enough chunk to accomplish what a more complex BCP would, and requires
no lookups. It will make the allowed set of IPs small enough to be
something spammers would be unlikely to brute force.
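
The lookup-free receiver check proposed in the message above, as an added example that is not part of the original thread: it flags any IPv4 range broader than /16 and tells the receiver to ignore the record and fall back to normal non-MARID processing. The SPF-style `ip4:` record syntax, the function names and the sample records are assumptions made for illustration.

```python
import ipaddress

MAX_IPV4_BREADTH = 16  # the /16 threshold suggested in the message


def ip4_networks(record):
    """Yield each ip4: range in an SPF-style record (syntax is assumed)."""
    for term in record.split():
        term = term.lstrip("+-~?")  # drop an optional qualifier
        if term.lower().startswith("ip4:"):
            # A bare address with no /len is a single host (/32).
            yield ipaddress.ip_network(term[4:], strict=False)


def evaluate(record):
    """Return ("use", []) or ("ignore", [reasons]) with no registry lookups."""
    try:
        nets = list(ip4_networks(record))
    except ValueError:
        # Malformed range: treat the record as unusable.
        return "ignore", ["unparseable"]
    # A smaller prefix length means a larger block; /16 itself is accepted.
    broad = [str(n) for n in nets
             if n.version == 4 and n.prefixlen < MAX_IPV4_BREADTH]
    return ("ignore", broad) if broad else ("use", [])


# Constructed sample records (documentation and private address space only).
SAMPLES = {
    "tight": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "edge": "v=spf1 ip4:172.16.0.0/16 -all",
    "broad": "v=spf1 ip4:192.0.2.0/24 ip4:10.1.2.3/8 -all",
    "garbled": "v=spf1 ip4:300.1.1.1/24 -all",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, evaluate(rec))
```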