At 10:19 AM 4/20/2004 -0400, you wrote:
From: Spf Pobox <spf(_dot_)pobox(_at_)princeweb(_dot_)com>
Subject: Draft - DNS Naming Convention for Outbound Internet Email Servers
Date: Tue, 20 Apr 2004 12:19:07 +0100
I've checked carefully, and looks like no one else has posted this
here
Another anti-spoof RFC proposal
http://serverauthority.net/draft-lorenzen-marid-mxout-00.txt
BTW I'm not that keen on it at first sight, but need more time to
fully consider before being more detailed.
First thoughts (always dangerous to commit to)
Seems most, if not all of it is covered by SPF, though it requires
a SPF record for every A record to achieve, I think.
Also getting admins to configure mail servers to existing RFC's is
bad enough.
Karl.P
******************* REPLY SEPARATER ********************
This type of anti-spoofing proposal has been discussed before on this list,
and I for one am completely in favor of it. It allows the ISP to control
who is authorized to send mail from the IP range under his/her control. It
does not necessarily have to be tied to the domain name, which would
require multiple PTR records. It is simple and it is effective, but it does
not address all of the same issues that SPF does (domain name spoofing for
example). It simply says which IP addresses are authorized to send mail,
even if that address is a mail forwarder.
The difficulty that I see in all of these proposals that are tied to
reverse lookups, is that it is sometimes difficult to get the upstream
supplier to cooperate. Our own "C" class network is a case in point. We
have been after our supplier to delegate that authority to us for months,
and they seem either unwilling or unable to do it.
J.A. Coutts
Systems Engineer
MantaNet/TravPro