[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] MXs Used As Authentication - Why RMX?

To: asrg@ietf.org
Subject: Re: [Asrg] MXs Used As Authentication - Why RMX?
From: "Alan DeKok" <aland@freeradius.org>
Date: Mon, 25 Aug 2003 12:21:10 -0400
In-reply-to: Your message of "Mon, 25 Aug 2003 15:11:34 +0200." <a06001a0ebb6fb930b27d@[10.0.1.2]>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

Brad Knowles <brad.knowles@skynet.be> wrote:
> 	As I see it, one primary problem with this draft is that it 
> breaks the most common form of mailing lists -- aliases.

  This was discussed earlier on the list.  "outgoing" MX records mean
that some current network behaviours may change.  Mailing lists may
still exist, but their implementations may change.  Other than
deployment, I don't see this as much of a problem.

> 	This draft also prevents people from being able to legitimately 
> transmit e-mail using domain names that they don't control, via other 
> servers.  It is not at all unusual for me to go travelling somewhere 
> and want to continue to use my normal e-mail address, but use the 
> local mail relay services available from the provider I'm using at 
> the moment.

  How does the recipient of that email establish a consent framework
for communication with you?  How does he separate your traffic from
the "forged spam" traffic?

> 	You would have no choice but to have SMTPAUTH or TLSSMTP 
> available for the official relays for your domain, and to be able to 
> guarantee that you can always get through to them using these 
> features,

  How is this different than having you establish a consent framework
for communication?  

> 	I don't see this sort of solution being feasible.  The legitimate 
> third-party relay problem is a tough one to solve.

  How does the recipient distinguish "legitimate" third-party relays
from "illegitimate" ones?

  Why is it the recipients problem to establish that legitimacy?  What
work are you willing to do, to share the burden of establishing that
legitimacy?

  I'm not opposed to legitimate third-party relaying.  But it's my
perogative as a recipient to discard any email I choose.  Unverifiable
third-party relaying is a large part of my spam, and costs me time and
money.  "legitimate" third-party relayers who ask that I spend more
time and money to "legitimatize" their email for them look a whole
lot like spammers, from that perspective.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] MXs Used As Authentication - Why RMX?
  - From: Brad Knowles

References:
- Re: [Asrg] MXs Used As Authentication - Why RMX?
  - From: Brad Knowles

Prev by Date: Re: [Asrg] MXs Used As Authentication - Why RMX?
Next by Date: Re: [Asrg] 0. - General - Announcing Yakov Shafranovich as co-chair of ASRG
Previous by thread: Re: [Asrg] MXs Used As Authentication - Why RMX?
Next by thread: Re: [Asrg] MXs Used As Authentication - Why RMX?
Index(es):
- Date
- Thread