ietf-mxcomp

Re: Is the back door open?

2004-07-28 10:43:16

On Wed, 2004-07-28 at 04:56, Andrew Newton wrote:
> On Jul 27, 2004, at 9:50 PM, Douglas Otis wrote:
>
>> It could if the MTA either had a valid list of users, or attempted to
>> deliver downstream to ascertain if the user was valid before
>> completing the session.  The MTA only knows it will relay for a
>> domain.  In the case of the backup MTA service, this 'knowledgeable'
>> server is expected to be down.  As a shortcut for administration or
>> out of reluctance, lists of valid users may not be shared with some
>> MTAs relaying messages.
>
> Why do you need a list of valid users to do a Sender-ID check?

This could be done using a domain with no records, open records, or to a
relay MTA that opts to turn off Sender-ID channel checks.  Sender-ID is
not always 100%, due to its extremely large scope.  With the expense of
DNS wrenches, as a defensive posture, such checks could be postponed
until it is at least determined the mail is for a valid user.  Owing to
the overhead involved, it would seem a poor assumption every point in
the MTA path enables these checks.

-Doug