[Top] [All Lists]

Looking for good mail vs. looking for bad mail

2008-03-31 10:13:22

[ I'm explaining, not arguing. ]

The importance of question of what domains are valid for make became
apparent during the endless discussions about DKIM SSP.  (No, I'm not
saying that SSP in anything like its current form is a good idea.)

In case anyone hadn't noticed, filtering spam by looking for the
characteristics of bad messages is a losing battle.  So the current
work with DKIM et al is to make it easier to recognize messages from
known good senders, thereby reducing both number of messages that need
expensive filtering, and also allowing somewhat more aggressive
filtering on what's left.

One of the issues has to do with domains that have a lot of
subdomains, some of which send mail and most of which don't.  If, say, goes to the effort of persuading everyone that they are well
behaved, we can expect bad guys to try to piggyback onto their good
reputation.  A certain amount of mail comes from xxx(_at_)ibm(_dot_)com, but
plenty comes from xxx(_at_)us(_dot_)ibm(_dot_)com, 
xxx(_at_)watson(_dot_)ibm(_dot_)com, and a variety of
other subdomains.  We expect that IBM will start signing their mail,
so at some point receivers can assume that mail that purports to be
from or that doesn't have a signature is likely to
be bogus.  (This is what SSP tries to do.)

But what about mail from xxx(_at_)www(_dot_)ibm(_dot_)com or 
xxx(_at_)www-03(_dot_)ibm(_dot_)com, or any
of a zillion other hosts that have A records and presumably someday
will have AAAA records?  It would be really nice if IBM could say
forget it, not from us, for all of their non-mail domains.  Even if we
get MX 0 . on standards track, it will be rather cumbersome, since it
would roughly double the size of every non-trivial DNS zone with an MX
0 . for nearly every A or AAAA record.  For reasons I presume all of
us know, DNS wildcards don't help, and the various tree climbing and
zone cut kludges aren't workable.

So if you agree that it is likely to be useful to identify mail from
real senders, by far the simplest way to do that would be to require
an MX for the real senders' domains.


<Prev in Thread] Current Thread [Next in Thread>
  • Looking for good mail vs. looking for bad mail, John Levine <=