On 2004-06-28 18:55:14 +0200, Markus Stumpf wrote: > In DE we have 6,900,000 domains vs. 144582 non-bogus IP adresses whose > hosts are used in MX records of those domains. An authorization scheme > based on IP addresses will be more effective, more fair and much faster > deployed than any domain name based scheme. I agree with that in principle. For the early adopters, the situation could be reversed. For example, I can easily add a spf record to my hjp.at domain. I'm not sure if I can get my provider to add mta-mark records for my 8 IP addresses (I can't get them to delegate reverse DNS to me, I already tried that). In reality, I think, an IP-based scheme and a domain-based scheme should be implemented. They have different strengths: * A domain-based scheme protects the domain. By publishing an SPF record for hjp.at I protect my domain from being abused by spammers and worms - that will safe me from lots of bounces. (IF spf is actually used to reject messages at the SMTP level) * An address-based scheme protects an IP range. By publishing _send._smtp._srv TXT "0" records, a provider prevents spammers and worms from abusing these machines - which will safe his abuse team from lots of mails and calls (IF mta-mark is actually used to reject messages at the SMTP level). Mostly I think, MTA-Mark will be beneficial to business customers of cable- and dsl providers. They are often in the same address block as private customers, so they are increasingly blocked by DULs. If MTA mark was widely deployed, DULs would become obsolete and MTA mark can be much more fine-grained. hp -- _ | Peter J. Holzer | I think we need two definitions: |_|_) | Sysadmin WSR | 1) The problem the *users* want us to solve | | | hjp at hjp.at | 2) The problem our solution addresses. __/ | http://www.hjp.at/ | -- Phillip Hallam-Baker on spam
Attachment:
pgp6OAqwU0x64.pgp
Description: PGP signature
_______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg