Re: [Asrg] 6. Proposals - Trust of Addressing Information SMTP Extension
[Cc'ed to the list since it is relevant discussion]
On Sunday 07 September 2003 14:20, Curtis wrote:
> Marc,
> I just read the draft, and I have a question about the use of MX
> records for validation. Would it not be easier to just verify that the
> address record for the server exists and is valid? If each server is to
> declare its name, and the IP address is determined, then it would be
> possible to simply do a forward lookup on the address, then compare the
> returned IP address with the determined IP address. In this situation the
> MTA would also need to compare the server's name with the origin domain of
> the email to make sure it matches. This would avoid the issue of systems
> that use multiple MX records on the same priority, as well as eliminate the
> need for the sub-domain MX records that are mentioned.
Well, I'm not sure what issue you mean about multiple MX, but the decision to
not use A (or AAAA) records is, IMO, critical:
For instance, the address that I present to the world right now is
mtl-hse-ppp168299.qc.sympatico.ca. This will resolve correctly both ways.
Enabling me to use the A record would allow me to claim authority over that
domain name, which might be true but completely pointless. If you match only
the second level name then I would be able to claim authority over
sympatico.ca which is obviously a Bad Thing.
Using MX records, you introduce one extra layer of verification: you can only
claim authority over domains whose zone file you control. It means (a)
spammers cannot claim authority over a domain they do not own [short of
compromising their DNS or mail servers, in which case they could pretty much
do anything they want anyways] and (b) the barrier to creating throwaway
accounts for spamming has increased a great deal (i.e., you need a new
domain, *and* control over the zone file which the hosters [wisely] almost
never give).
Technically, looking up the MX record is almost exactly equivalent to looking
up an A record; you just ask for a different RR. One-to-many mappings are more
frequent but robust implementations must already be able to handle multiple A
records anyways.
-- Marc A. Pelletier
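Added example, not part of the thread: a Python sketch of the two validation approaches discussed above, run against a constructed in-memory zone table (the dial-up hostname is taken from the message; the IP addresses, MX names and the `ZONE`, `a_record_claim` and `mx_claim` helpers are invented for illustration) so it works offline.

```python
"""Compare A-record (forward-confirmed hostname) vs MX-based sender-domain
validation, using a constructed in-memory DNS table so it runs offline."""

# Constructed zone data (not real records): a dial-up host under sympatico.ca
# and the domain's mail exchangers. IPs are from the documentation range.
ZONE = {
    ("mtl-hse-ppp168299.qc.sympatico.ca", "A"): ["192.0.2.10"],
    ("sympatico.ca", "MX"): [(10, "mx1.sympatico.ca"), (10, "mx2.sympatico.ca")],
    ("mx1.sympatico.ca", "A"): ["192.0.2.25"],
    ("mx2.sympatico.ca", "A"): ["192.0.2.26"],
}

def resolve(name, rrtype):
    """Stand-in for a DNS query; returns [] for NXDOMAIN / NODATA."""
    return ZONE.get((name.lower().rstrip("."), rrtype), [])

def second_level(hostname):
    """Reduce a hostname to its last two labels (the naive 'origin domain' match)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])

def a_record_claim(peer_hostname, peer_ip, origin_domain):
    """A-record scheme: forward-confirm the declared hostname, then accept the
    claim if its second-level name equals the mail's origin domain."""
    if peer_ip not in resolve(peer_hostname, "A"):
        return False
    return second_level(peer_hostname) == origin_domain.lower()

def mx_claim(origin_domain, peer_ip):
    """MX scheme: the peer must be one of the domain's mail exchangers. Every
    exchanger is checked, so equal-priority MX sets need no special handling.
    Assumption: a domain with no MX record is rejected rather than falling
    back to its A record (a fallback would reopen the A-record weakness)."""
    exchangers = resolve(origin_domain, "MX")
    if not exchangers:
        return False
    return any(peer_ip in resolve(host, "A") for _prio, host in exchangers)

if __name__ == "__main__":
    dialup, ip = "mtl-hse-ppp168299.qc.sympatico.ca", "192.0.2.10"
    # The dial-up host passes the A-record check for sympatico.ca ...
    print("A-record claim:", a_record_claim(dialup, ip, "sympatico.ca"))   # True
    # ... but not the MX check, because it is not one of the zone's exchangers.
    print("MX claim:      ", mx_claim("sympatico.ca", ip))                 # False
    print("MX from mx2:   ", mx_claim("sympatico.ca", "192.0.2.26"))       # True
```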
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg