ietf-mxcomp

Re: Reality check please

2004-06-14 23:04:15

On Mon, 2004-06-14 at 21:45, Matthew Elvey wrote:
(Posted on 6/9 just to Markus, perhaps by mistake; haven't heard back; 
the minimum price of a domain is important!)

On 6/9/2004 2:58 PM, Markus Stumpf sent forth electrons to convey:

<Agree with you up to this point.>

And a point which is deliberately ignored is the problem of 0.10 USD
throwaway domains and short-TTL bot networks.

Sorry, where can I get a domain for $0.10 US?  (And I don't mean 
foo.cjb.net or foo.cjb.co.uk)
If these are coming or here, as you and Gordon seem to be saying they 
are, then MARID won't work as well as I had thought it would.
You think an ICANN-authorized TLD will start selling domains at this 
price?  Please explain in more detail.

To slip past a filter, new domains are simply the price of doing
business for those that abuse the system.  Unlike an IP address, a
history can be expected of a domain name that is not possible with just
an IP address.  New domain, offer little credit.  Tried and true, offer
full credit.  Tried and bad, no credit.  Using a domain name with a
reasonably good authentication practice is tremendously safer than
relying solely upon the address whether or not an accreditation service
helps administrate the lists.

Yeah, I know, this will be solved anytime later with accreditation
services.

CSV:  

Is an SMTP client authorized to use a particular domain name in its
SMTP EHLO command?  [CSV] attempts to answer this question.  It
suffers from the fact that the EHLO name has a tenuous relationship,
at best, with the contents of any mail message.

So what? It is MTA authorization records not message authorization
records, even if the group morphed to it.

Indeed!  Watch this point be studiously ignored.

Although the problem can be seen as forged headers, much of this junk
traffic comes from sources that can be tracked and this is made easier
through the use of names rather than IP addresses where accountability
is otherwise doubtful if not impossible.  

An EHLO identifier is the way one MTA tells another MTA about himself
and his identity. It is an important fact to know if this identity is
faked. However this could probably also be partially accomplished by
requiring the EHLO to match at least one PTR record and have the
forward lookup of this record match the connecting IP (aka EHLO must
match paranoid lookup).
  
Some of the syntax and semantics of SPF records provide useful 
additional functionality without weakening the effectiveness with which 
an MTA is authorized by a domain.  The benefit is that it allows every
legit MTA to pass MARID inspection, even the 1-10% of legit MTAs that don't
have control over rDNS, and hence don't pass the rDNS test.  And yet it
ties that MTA to a domain that has a valuable reputation.  That being
the goal of MARID.

The use of an SRV record has the advantage of returning all the needed
information in a single query where both authorization is discovered and
the authentication is validated.

-Doug
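
The "EHLO must match paranoid lookup" check described in the message above, as an added example that is not part of the original post: the EHLO name has to equal one of the connecting IP's PTR names, and the forward lookup of that name has to return the connecting IP. The resolver functions, verdict strings and the constructed zone data (documentation addresses and example.* names) are assumptions so that it runs offline.

```python
import ipaddress

# Constructed sample DNS data (documentation ranges and example names only).
PTR = {
    "192.0.2.25": ["mx1.example.org."],
    "192.0.2.66": ["MAIL.Example.NET"],   # PTR exists, forward does not confirm
    "2001:db8::25": ["mx6.example.org"],
}
FWD = {
    "mx1.example.org": ["192.0.2.25", "2001:db8::1"],
    "mail.example.net": ["198.51.100.7"],
    "mx6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}


def norm_name(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def lookup_ptr(ip):
    """Hypothetical stand-in for a PTR query against the constructed data."""
    return PTR.get(str(ipaddress.ip_address(ip)), [])


def lookup_addr(name):
    """Hypothetical stand-in for an A/AAAA query against the constructed data."""
    return FWD.get(norm_name(name), [])


def ehlo_paranoid_check(client_ip, ehlo, ptr=lookup_ptr, addr=lookup_addr):
    """Return (verdict, reason) for an EHLO name against the peer address."""
    ip = ipaddress.ip_address(client_ip)
    if ehlo.startswith("["):              # address literal: no name to tie to
        return "fail", "address-literal"
    helo = norm_name(ehlo)
    ptr_names = {norm_name(n) for n in ptr(client_ip)}
    if not ptr_names:                     # e.g. an MTA with no control over rDNS
        return "fail", "no-ptr"
    if helo not in ptr_names:
        return "fail", "ehlo-not-in-ptr"
    # Forward-confirm on parsed addresses so differing IPv6 text forms match.
    forward = {ipaddress.ip_address(a) for a in addr(helo)}
    if ip not in forward:
        return "fail", "forward-mismatch"
    return "pass", "ehlo-matches-paranoid-lookup"
```
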

