ietf-mxcomp

Re: Alternative to TXT or new RR

2004-06-16 11:55:47


On 6/16/2004 12:39 PM, Douglas Otis wrote:

> Blocking mail would be bad as static information is not comprehensive
> nor would tracking all possible avenues be practical to administer.

I think that is a per-domain judgement call. I only send mail through my
mail server, so for me:

   C: MAIL-FROM: <ehall(_at_)ehsco(_dot_)com>; SERVER-IP: 207.65.203.98
   S: OK

and all other combinations are NO.

Other domains may want to return UNKNOWN as a default case.

Anyway, as with SPF, the only really useful receiver-side response is NO;
UNKNOWN is meaningless and anybody can return a YES.

> There could be a system for those "off the reservation" to mail this
> "domain of record" a notice to accept mail sent from their current
> location, if it contained a valid signature perhaps.  This could be
> treated like a cache where this information would expire after so many
> days.

Receiver-side caching is part of the problem IMO. I mean, folks are shying
away from disk-based caching because they don't want to tell people that
500 mb of disk space is going to be needed, but are happy to push it to
DNS where that 500 mb of RAM is out-of-sight, out-of-mind, and thus ok.

> The next problem would be DoS.  Can this be done using UDP?

DoS is a fact of life for every service.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/