On Nov 15, 2007, at 9:27 AM, Valdis.Kletnieks@vt.edu wrote:
> On Tue, 13 Nov 2007 18:32:49 PST, Douglas Otis said:
>> Message content offers little assurance of its origination. Where
>> to reach for the message is more significant. The TBR extension
>> offers both an assured last hop IP address and a domain of
>> origination. Often the origination of content is more important
>> than the results of a scanning process. Receivers would be foolish
>> to trust the results of content scanning alone.
> OK. Let me get this straight. We get an inbound connection from a
> possibly dodgy source address, like a probably compromised
> cablemodem box, and we then take the address *they provide us* and
> use that as some sort of "verification"?
Yes, and at the MTA's leisure, as accepting a reference does not
formally create an obligation.
> What's wrong with this picture? (Hint - what are the chances that a
> hypothetical connection from said abused cablemodem, if it uses TBR,
> will point at either the *same* address, or yet another abused
> cablemodem? Consider the use of fast-flux DNS changers when you
> ponder this - there's no reason why you won't find that
> tbr-server.fast-flux-r-us.com *won't* point at a cablemodem.)
You are right about the problem created by fast-flux DNS changers,
especially when coupled with the noise created by odious domain
tasting. Even DKIM can be abused in this manner.
This problem can be tracked, but results may require a bit more time
than allowed to return Okay to a DATA command. Over a brief period of
time, such abusive sources can be flagged. The database is perhaps
too extensive to distribute for real-time results (largely due to
domain tasting), however near-real-time results are practical. To
support this effort, the TBR Extension offers a low overhead means to
defer a formal obligation to deliver, while also avoiding the exchange
of undesired data.
-Doug
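As an added example (not from the TBR draft, from either poster, or from any MTA implementation), here is one shape the "near-real-time" tracking Doug describes could take on the receiving side: a sliding-window tracker that records the addresses a client-supplied reference domain resolved to over the last hour and flags two things Valdis raises, the fast-flux pattern (many distinct addresses in a short window) and references that land in address space the operator treats as consumer/cable-modem ranges. The domain names, timestamps, and the "residential" ranges are constructed for the example; the flagging thresholds are assumptions, not anything the thread specifies.

```python
"""Sliding-window tracking of where a mail "reference" domain resolves over time.

Added example, not code from the TBR draft or any MTA: records (timestamp,
address) observations per domain, evicts anything older than the window, and
flags fast-flux behaviour and references into operator-defined residential
ranges. All sample data below is constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Observation:
    ts: int        # seconds since epoch (constructed values below)
    domain: str    # the reference domain a client supplied
    addr: str      # an address it resolved to at that time


# Constructed stand-in for an operator's "residential/dynamic" list (assumption:
# a real deployment would load this from a maintained source). Documentation
# ranges are used so the sample never names real networks.
RESIDENTIAL_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]


def is_residential(addr: str, ranges=RESIDENTIAL_RANGES) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in ranges)


class FluxTracker:
    """Keeps, per domain, the (timestamp, address) pairs seen within `window_s`."""

    def __init__(self, window_s: int = 3600, min_distinct: int = 3, ranges=RESIDENTIAL_RANGES):
        self.window_s = window_s          # how far back a verdict looks
        self.min_distinct = min_distinct  # distinct addresses that count as "flux" (assumed threshold)
        self.ranges = ranges
        self._seen = defaultdict(deque)   # domain -> deque[(ts, addr)] in arrival order

    def observe(self, obs: Observation) -> None:
        # Observations for one domain are assumed to arrive in timestamp order.
        self._seen[obs.domain].append((obs.ts, obs.addr))

    def _evict(self, domain: str, now: int) -> None:
        q = self._seen[domain]
        while q and q[0][0] < now - self.window_s:
            q.popleft()

    def verdict(self, domain: str, now: int) -> dict:
        """Summarise the last `window_s` seconds for `domain`. This runs after the
        SMTP session, which is the point of deferring rather than answering DATA."""
        self._evict(domain, now)
        addrs = {addr for _, addr in self._seen[domain]}
        residential = {a for a in addrs if is_residential(a, self.ranges)}
        reasons = []
        if len(addrs) >= self.min_distinct:
            reasons.append("fast-flux")
        if residential:
            reasons.append("residential-target")
        return {
            "domain": domain,
            "distinct_addrs": len(addrs),
            "residential_addrs": len(residential),
            "flagged": bool(reasons),
            "reasons": reasons,
        }


# Constructed observations: a stable mail host, and a reference domain hopping
# across consumer address space within 40 minutes.
SAMPLE = [
    Observation(1000, "mail.example.net", "192.0.2.10"),
    Observation(4000, "mail.example.net", "192.0.2.10"),
    Observation(7000, "mail.example.net", "192.0.2.10"),
    Observation(5000, "tbr-server.fast-flux-r-us.example", "203.0.113.5"),
    Observation(5600, "tbr-server.fast-flux-r-us.example", "203.0.113.77"),
    Observation(6400, "tbr-server.fast-flux-r-us.example", "198.51.100.9"),
    Observation(7400, "tbr-server.fast-flux-r-us.example", "203.0.113.200"),
]


def run_sample(now: int = 7500) -> dict:
    """Load the constructed observations and return a verdict per domain at `now`."""
    tracker = FluxTracker()
    for obs in SAMPLE:
        tracker.observe(obs)
    return {d: tracker.verdict(d, now)
            for d in ("mail.example.net", "tbr-server.fast-flux-r-us.example")}


if __name__ == "__main__":
    for domain, v in run_sample().items():
        print(domain, v)
```

The verdict deliberately returns a structured summary rather than an accept/reject decision: the thread's point is that accepting a reference creates no obligation, so the MTA can consult this data on its own schedule and combine it with other evidence. Evicting by timestamp keeps the per-domain state bounded, which is what makes the near-real-time variant practical where a full distributed database is not.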