Re: [Asrg] Problems with RMX

["Alan DeKok" <aland@freeradius.org>]

"Ken Hirsch" <kenhirsch@myself.com> wrote:
> The idea behind RMX can be implemented without changes to DNS, however.  For
> example, via MX records, as already mentioned,

  Which overloads the meaning of MX records.

  There is currently no requirement that originating MTA's for a
domain are the same as recipient MTA's for that domain.  Many systems
have them on different machines.

  RMX permits such behaviour to continue.  Overloading MX records
forbids that behaviour.

> 2. Too many control points.  There are just too many domain names and too
> many domain name servers for the presence of an RMX record to mean much.
> Yes, it reduces the forged header problem, but it's just too easy to set up
> your own domain name server that it will mean little in the way of
> controlling spam.

  It's one more hoop that spammers have to jump through before they
can send spam.  It's one more way of tracing spammers, once they have
sent spam.

> 3. What do you do when there is no RMX record?

  This question has already been answered multiple times.

> My proposal, for _any_ authentication scheme, is to bridge the gap with a
> "mandatory" challenge-response system.  If you disagree with that, what is
> your proposal for how mail from non-RMX systems should be handled.

  The answer is "no worse, and no better, than it is today."

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg