
Re: [Asrg] whitelisting server and not users



On Wed, Apr 02, 2003 at 04:06:32PM -0500, Kee Hinckley wrote:
> Too many ISPs don't provide reverse DNS to their customers, but do 
> allow mail servers.  And many of those that do provide reverse DNS, 
> reverse it to their own domain, not the sender's domain.

So what? What do you think is a minor problem:
  - adding a DNS record to the reverse zone
  - installing a new system for user administration and lookups

> envelope -> domain -> lookup ip at domain

No, no, no ;-)
In my proposal I want to get rid of all the "I don't want you to be a
mailserver" hosts, i.e.
- workstations that are worm/virus infected
- workstations that are misconfigured and run
  - proxies that nobody knows about
  - SMTP servers that nobody knows about
- hacked DSL users
- thousands of hosts in universities that are not blocked by campus firewalls
- ...

I don't want to look at domain names or email addresses, I just want to
look at IP addresses, like in DNSBLs, but it is a DNSWL and the people
that are in charge of maintaining the reverse zone can whitelist hosts.

I don't accept a "they don't maintain RR zones" as an argument.
Everybody maintains RR zones one way or the other. Now we could
force them to do it the correct way.

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
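
A sketch of the connect-time check this message proposes, added here as an example and not part of the original post: the receiver looks only at the connecting IP address and asks whether the maintainer of its reverse zone has whitelisted it. The TXT marker `smtp-sender=yes`, the function names and the zone data are assumptions, since the post does not specify a record format; the dictionary stands in for live DNS so the code runs offline.

```python
import ipaddress

# Hypothetical marker; the post does not define a record format.
WL_MARKER = "smtp-sender=yes"

# Constructed reverse-zone data (documentation address ranges), standing in
# for live DNS so the example runs offline.
REVERSE_ZONE = {
    "25.2.0.192.in-addr.arpa": {"PTR": ["mail.example.org."], "TXT": [WL_MARKER]},
    # Generic ISP-style PTR, no whitelist marker: a DSL customer host.
    "77.100.51.198.in-addr.arpa": {"PTR": ["dsl-77.isp.example."], "TXT": []},
    # Unrelated TXT data must not count as a whitelist entry.
    "9.113.0.203.in-addr.arpa": {"PTR": ["ws9.campus.example."], "TXT": ["v=other"]},
}

def reverse_name(ip):
    """Return the reverse-zone owner name for a connecting IP address."""
    addr = ipaddress.ip_address(ip)
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) to the IPv4 reverse tree.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.reverse_pointer

def lookup_txt(name, zone=REVERSE_ZONE):
    """Offline stand-in for a TXT query; missing names behave like NXDOMAIN."""
    return zone.get(name.lower().rstrip("."), {}).get("TXT", [])

def is_whitelisted(ip, zone=REVERSE_ZONE):
    """True only if the reverse-zone maintainer published the marker."""
    try:
        name = reverse_name(ip)
    except ValueError:
        return False  # unparsable peer address: fail closed
    return any(t.strip().lower() == WL_MARKER for t in lookup_txt(name, zone))

def smtp_policy(ip, zone=REVERSE_ZONE):
    """Decision taken at connect time, before any envelope data is seen."""
    return "accept" if is_whitelisted(ip, zone) else "reject"

if __name__ == "__main__":
    for peer in ["192.0.2.25", "198.51.100.77", "203.0.113.9",
                 "192.0.2.200", "::ffff:192.0.2.25"]:
        print(f"{peer:20} {reverse_name(peer):32} {smtp_policy(peer)}")
```

A host with an ordinary PTR record but no marker is rejected, which is the difference from a plain "has reverse DNS" check: the decision rests on an explicit entry by whoever runs the reverse zone, not on the name the address resolves to.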