Re: [Asrg] Re: 6. Proposals - rDNS and rMX

["Alan DeKok" <aland@ox.org>]

Markus Stumpf <maex-lists-spam-ietf-asrg@Space.Net> wrote:
> Now there is another company, let's call it example.ORG. They do not
> have LMAP records in place, so any MTA will accept messages with
> addresses @example.ORG from any IP. It will accept the messages also
> from 10.0.1.0/32, even if I use LMAP. So if a workstation in my
> net is compromised it can be abused as a spam relay. Same holds for
> viri.

  Absolutely.  That isn't a problem that LMAP is trying to solve.  The
spammers can forge association with example.ORG, because the admins of
that domain have agreed to permit such forgery.

  You're responsible for the use of your own network, but you're not
responsible for abuse of another domain name.

  The MTAMark proposal addresses the problem of "owned" machines
originating SMTP traffic.  But I don't recall if it includes
information about which domain that MTA can claim association with.
That would be hard, as some IP's host hundreds of thousands of
domains.

  The two proposals are related, but solve different problems.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg