RE: [Asrg] whitelisting server and not users

["Eric D. Williams" <eric@infobro.com>]

The very first message to this list suggested such a scheme.

https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00001.html

I have heard it referred to in subsequent threads, and among other proposals 
and analysis I have read, it does seem to be a promising if it meets the 
ultimately developed requirements.  The proposal for an 'RMX' RR was presented 
as an interim or incremental solution to the issue you refer to.  I wonder if 
the author of the proposal is still participating, Hadmut you there?

-e

On Wednesday, April 02, 2003 11:27 AM, Markus Stumpf 
[SMTP:maex-lists-spam-ietf-asrg@Space.Net] wrote:
> I don't know if this has been discussed here before. All the whitelisting
> discussion I have seen so far was verifying the existance of users.
>
> From what I see from my logs by far the most percentage of spam is from
> hosts that are either on dynamic addresses or e.g. the unsecured
> workstation of someone in a company that all get abused, either by
> having a "not known about" mailserver or proxy server or ...
>
> IMHO a fast and easy to implement strategy would be not to accept
> SMTP connections from hosts that haven't clearly marked themselves
> "I am a outgoing MAIL Server".
> Such marking can be easily done in DNS in the in-addr.arpa zone either
> by e.g. setting a TXT record (preferable with a abuse contact) or a MX
> record (either a MX record at all or one with a special prio).
>
> This is better than any DNSBL list, because most reverse zones are
> maintained at the ISPs and they should probably know what they are
> doing.
>
> This setup is easy, cheap, easily deployable for the senders and the
> recipients (existing DNSBL modules need only minor tweaking). Transition
> is easy, also, one could use the information to add RFC 2822 Headers
> on the existance/absence of those records for use with e.g. spamassasin.
> Classification is easy, also: you want spam you don't look at these
> records, you don't want spam you do.
>
> I know this is not a solution to eliminate spam in total, but it might be
> one to eliminate large amounts of it.
> Also if an ISP adds one of those records one could set up legal mumbo
> jumbo and the customer can't say "it was a newly setup system and we
> didn't know it has a mailserver running".
>
> 	\Maex
>
> --
> SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
> Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
> "The security, stability and reliability of a computer system is reciprocally
>  proportional to the amount of vacuity between the ears of the admin"
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg