RE: Standard Authentication Query
2005-03-30 11:32:56
At 11:02 AM 3/30/2005 -0500, Todd wrote:
On Tue, 29 Mar 2005, at 16:12, David MacQuigg wrote:
>
> One thing that isn't clear to me, and perhaps someone else can comment,
> what happens if the spammer has an IP assigned by rr.com AND a *subdomain*
> from rr.com? My guess is the subdomain will inherit the reputation of
> rr.com, and will also have the opportunity to ruin it. It seems like
> rr.com would be wise to put these residential mail servers under a
> different name, maybe rrhome.com, or if they are a serious business, have
> them use their own name.
I'm not clear on what you mean when you say, "what happens if the
spammer has an IP assigned by rr.com AND a *subdomain* from
rr.com?". In lieu of my understanding what you mean, and given
that Road Runner's reputation in the anti-spam community is mixed
at best, let me describe the reality of the Road Runner customer
and DNS names associated therewith.
You gave the example earlier of allowing a residential customer to send
mail from $foo.rr.com, and I assumed you were assigning lots of $foo
subdomains to whoever wanted one. That could result in mistrust of any
subdomain under rr.com. The policy you describe below is much different
than my assumption.
Any customer IP assigned by Road Runner in our residential space
will soon have a PTR record ending in 'res.rr.com'; we're
transitioning all of our residential space to this naming scheme,
and expect to be finished shortly.
What this means is that Joe, a Road Runner customer of the
Milwaukee, WI, Time Warner Cable division, who has IP address
69.76.120.59, will have the following information "associated"
with him:
email address: joe(_at_)wi(_dot_)rr(_dot_)com
PTR record for cable modem: CPE-69-76-120-59.wi.res.rr.com
(Prior to the res.rr.com migration, Joe's IP address would've had
a PTR record of CPE-69-76-120-59.wi.rr.com.)
We do not provide non-default names for residential customers.
No customer will ever have an email address ending in
'res.rr.com'.
The only subdomains of rr.com are names used to indicate either a
Time Warner Cable division or some other Road Runner-specific
indicator; there is no possibility of a name such as
"joesgarage.rr.com" existing, ever.
Business Class customers are given IP addresses whose default PTR
records resolve to one of the following eight patterns, assuming
IP address A.B.C.D:
rrcs-A-B-C-D.central.biz.rr.com
rrcs-A-B-C-D.ma.biz.rr.com
rrcs-A-B-C-D.midsouth.biz.rr.com
rrcs-A-B-C-D.nyc.biz.rr.com
rrcs-A-B-C-D.nys.biz.rr.com
rrcs-A-B-C-D.se.biz.rr.com
rrcs-A-B-C-D.sw.biz.rr.com
rrcs-A-B-C-D.west.biz.rr.com
For those Business Class customers who have their own domains and
wish to have non-default PTR records, we provide that service,
but again, the PTR record would not be "joesgarage.biz.rr.com";
rather, it would be "joesgarage.com", "www.joesgarage.com",
"mail.joesgarage.com", and the like.
Hopefully, that clears things up for you.
Yes, and thank you. This is a good description of how mail servers can be
properly organized for a large, geographically distributed ISP. Putting
all the residential customers under res.rr.com is simple and clear, and you
might even want to add an SPF record for that subdomain "v=spf1 -all",
assuming you really intend that residential customers be not authorized to
operate public mail servers.
One thing I'm not clear on is whether an address like
CPE-69-76-120-59.wi.res.rr.com can be SPF-blocked at the res.rr.com level,
or whether you need to have SPF records for all the subdomains below
that. I wish I knew more about DNS.
Another question is whether there might be "cross-pollution" between the
different biz.rr.com subdomains. Ideally, each should have its own
reputation to gain or lose, but there may be a problem with how many names
a reputation service is willing to keep track of. If they just provide one
rating for all of biz.rr.com, then one spammer.biz.rr.com could ruin the
whole group. You might want to say any business that wants to operate its
own public mail server should do like joesgarage.com and get their own
name. Then you can SPF-block the entire biz.rr.com subdomain, and be done
with it.
-- Dave
************************************************************ *
* David MacQuigg, PhD email: dmquigg-spf at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- RE: Standard Authentication Query, (continued)
- RE: Standard Authentication Query, Todd Herr
- Re: Standard Authentication Query, Radu Hociung
- RE: Standard Authentication Query, David MacQuigg
- RE: Standard Authentication Query, Todd Herr
- RE: Standard Authentication Query, Scott Kitterman
- RE: Standard Authentication Query, Todd Herr
- RE: Standard Authentication Query,
David MacQuigg <=
- RE: Standard Authentication Query, Commerco WebMaster
- Softfail (was: Standard Authentication Query), Frank Ellermann
- Re: Standard Authentication Query, Mark Shewmaker
- Re: Standard Authentication Query, David MacQuigg
- Re: Standard Authentication Query, william(at)elan.net
- Re: Standard Authentication Query, David MacQuigg
- Re: Standard Authentication Query, Radu Hociung
- Re: Standard Authentication Query, Mark Shewmaker
- Re: DNS Query Format, Radu Hociung
- Re: DNS Query Format, David MacQuigg
|
|
|