On 6/14/2004 8:10 PM, John Leslie sent forth electrons to convey:
<http://www.jlc.net/MARID/CSV/>
That new URL helped.
Comments: I don't get why draft-crocker-marid-csvhna-00.html says in
"2.1 Reverse DNS" that "For authentication of sending SMTP clients,
Reverse DNS can be used by itself".
This doesn't make sense to me.
E.g., a spammer controls 345.0.0.0/24 (including having rDNS delegated from
its ISP), makes 345.0.0.5 resolve in rDNS to mx34.aol.com, and sends
spam with EHLO = mx34.aol.com.
This fails to protect aol.com or tie the abuse to a responsible party.
Reverse DNS does not appear to be a good way to tie a domain to an IP.
Also, allowing it doesn't make CSV easier to implement, does it?
"2.2 Forward DNS Lookup"
is adequate to the task; there's no need for 2.1, AFAICT.
An accreditation service used by CSV cannot accredit aol.com as a
non-spammer if CSV does not allow aol to protect its use in HELO from
this abuse.
Also, I don't see how 3.2 SMTP Auth protects aol.com from this same abuse.
Re. 3.1 StartTLS: *IF* STARTTLS is used *AND* the sending server's cert
is CA-signed, then that makes sense.
(Yes, I plan to rip out part of SPF and propose it as a replacement for
draft-crocker-marid-csvhna-00.html and
draft-crocker-marid-csvcsa-00.html in CSV, and create a chart comparing
the pieces chosen and the reason for each choice, all if I find the time.)
draft-crocker-marid-csvcsa-00.html won't work with wildcards, right?
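
Added example, not part of the original message or of the CSV drafts: a receiver-side comparison of a reverse-only check with a forward lookup of the HELO name, run over the scenario the message describes. The function names, the RFC 5737 documentation addresses and the zone contents are assumptions constructed for illustration; only the name mx34.aol.com comes from the message.

```python
# Reverse-only vs forward-lookup validation of an SMTP HELO name.
# All records are constructed (RFC 5737 documentation addresses), not real DNS data.

# Reverse zone: written by whoever holds the address block.
PTR_ZONE = {
    "192.0.2.5": "mx34.aol.com.",      # block holder points its IP at someone else's name
    "198.51.100.34": "mx34.aol.com.",  # stand-in for the name owner's real host
}
# Forward zone: written only by the owner of the domain.
A_ZONE = {
    "mx34.aol.com": {"198.51.100.34"},
}

def _norm(name):
    """Compare DNS names case-insensitively, ignoring a trailing dot."""
    return name.rstrip(".").lower()

def reverse_only_ok(ip, helo):
    """Accept when the PTR record for the client IP equals the HELO name."""
    ptr = PTR_ZONE.get(ip)
    return ptr is not None and _norm(ptr) == _norm(helo)

def forward_ok(ip, helo):
    """Accept when the HELO name's own A records include the client IP."""
    return ip in A_ZONE.get(_norm(helo), set())

def classify(ip, helo):
    """Verdict for one session; only the forward lookup can authorize."""
    if forward_ok(ip, helo):
        return "accept"
    if reverse_only_ok(ip, helo):
        return "reject: PTR matches, but the name's owner does not list this IP"
    return "reject: no DNS record ties this IP to the HELO name"

# Constructed sessions: (client IP, HELO argument).
SESSIONS = [
    ("192.0.2.5", "mx34.aol.com"),       # forged name backed only by rDNS
    ("198.51.100.34", "MX34.AOL.COM."),  # host the name owner actually lists
    ("203.0.113.9", "mx34.aol.com"),     # no PTR and no A record match
]

if __name__ == "__main__":
    for ip, helo in SESSIONS:
        rdns = reverse_only_ok(ip, helo)
        print(f"{ip:15} {helo:15} rdns_only={rdns!s:5} -> {classify(ip, helo)}")
```

The first session passes the reverse-only check yet is rejected by the forward lookup, because the forward zone is the only record set the owner of the name controls.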