
Re: [Asrg] Problems with RMX



From: "Michael Rubel" <asrg@mikerubel.org>
> KH> The idea behind RMX can be implemented without changes to DNS, however.
> KH> For example, via MX records, as already mentioned, or via some specially
> KH> coded A record (see http://www.bondedsender.org/#dns-info).
>
> Ken,
>
> If I'm understanding the article at this link correctly, the way bonded
> sender works is to certify certain IP addresses as non-spammer, and
> then to provide a mechanism to report violations--in which case, the
> "bonded" status of the sender's IP address is revoked.
>
> This is not the idea behind RMX at all!  In particular, the presence of
> RMX records does not imply that a domain is not spamming--only that the
> messages you have received "from" it are not forged.

Yes, I understand that the meaning of the RMX record is different.  My
only point is that you can accomplish the same purpose without having to
invent a new resource record type.  All you need is a convention about
the meaning of the records.

[...]
> > 2. Too many control points.  There are just too many domain names and too
> > many domain name servers for the presence of an RMX record to mean much.
> > Yes, it reduces the forged header problem, but it's just too easy to set up
> > your own domain name server that it will mean little in the way of
> > controlling spam.
>
> This is not really a limitation.  Does it make more sense in the context
> I've just described?

I understand it.  I just think that it has very little worth because of
that.


> > 3. What do you do when there is no RMX record?
> >
> > My proposal, for _any_ authentication scheme, is to bridge the gap with a
> > "mandatory" challenge-response system.  If you disagree with that, what is
> > your proposal for how mail from non-RMX systems should be handled.
>
> Actually, my article explains RMX as a three-way handshake--that is, a
> challenge-response.  See:

That's fine, but you still need to say what should happen when there is
no RMX record.  Since deployment could take many years, this is
important.