ietf-mxcomp

Re: Alternative to TXT or new RR

2004-06-16 10:39:38

On Wed, 2004-06-16 at 08:15, Eric A. Hall wrote:
> On 6/16/2004 5:36 AM, Arnt Gulbrandsen wrote:
>
>> I'm pretty sure we'd be doing a SRV lookup for _marid._udp.<domain> and
>> then asking that server whether to fail/pass/... the message.
>
> Has this been proposed? I'd support it since it avoids most of the
> problems with the existing approaches.
>
> The cost is shifted to the sender, who can implement whatever tests they
> want (or can afford), but who cannot get a ride on everybody else's dime.
>
> Blocking time would be slightly longer than DCC/Razor.
>
> It could still be made extensible if the RR listed the servers and the
> needed test data (MAIL-FROM, From:, Message-ID:, Date:, ...). The size of
> that RR would not be prohibitively large.

I doubt that such a mechanism would be able to block mail.  The best
that could be expected would be to mark mail. (The open list issue.) 
Blocking mail would be bad as static information is not comprehensive
nor would tracking all possible avenues be practical to administer. 
There could be a system for those "off the reservation" to mail this
"domain of record" a notice to accept mail sent from their current
location, if it contained a valid signature perhaps.  This could be
treated like a cache where this information would expire after so many
days.

The next problem would be DoS.  Can this be done using UDP?  As this
gets implemented, will these systems see mail rejected because their
service approval service fails?

-Doug
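
The ideas in this message (mark rather than block, signed roaming notices that expire, no rejection when the sender's service is unreachable) are sketched below as an added example; it is not code from the thread or from any MARID proposal. The HMAC notice format, the `X-Sender-Check` header, both time limits and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac

ROAM_TTL = 7 * 86400    # assumed: the thread only says "so many days"
MAX_NOTICE_AGE = 3600   # assumed: stale notices are refused (limits replay)

def sign_notice(key, user, ip, issued):
    """HMAC over the notice fields; a stand-in for the 'valid signature'."""
    msg = f"{user}|{ip}|{issued}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class DomainOfRecord:
    """Hypothetical verification service run by the sending domain."""
    def __init__(self, static_ips, user_keys):
        self.static_ips = set(static_ips)   # the static information
        self.user_keys = dict(user_keys)    # user -> shared secret (bytes)
        self.roaming = {}                   # (user, ip) -> expiry time

    def accept_notice(self, user, ip, issued, sig, now):
        key = self.user_keys.get(user)
        if key is None or not 0 <= now - issued <= MAX_NOTICE_AGE:
            return False
        good = sign_notice(key, user, ip, issued)
        if not hmac.compare_digest(good.encode(), sig.encode()):
            return False
        self.roaming[(user, ip)] = now + ROAM_TTL
        return True

    def check(self, mail_from, ip, now):
        if ip in self.static_ips:
            return "pass"
        expiry = self.roaming.get((mail_from, ip))
        if expiry is not None and expiry > now:
            return "pass"
        self.roaming.pop((mail_from, ip), None)   # drop expired entry
        return "fail"

def receiver_mark(query, mail_from, ip, now):
    """Receiver side: annotate instead of rejecting. A lookup that times
    out or errors yields 'neutral', so an outage or DoS against the
    sender's service never turns into rejected mail."""
    try:
        verdict = query(mail_from, ip, now)
    except OSError:            # includes socket timeouts
        verdict = None
    if verdict not in ("pass", "fail"):
        verdict = "neutral"
    return f"X-Sender-Check: {verdict}"   # header name is made up
```
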