On 2004-06-28 23:54:14 +0200, Markus Stumpf wrote:
> On Mon, Jun 28, 2004 at 09:11:58PM +0200, Peter J. Holzer wrote:
> > * A domain-based scheme protects the domain. By publishing an SPF record
> >   for hjp.at I protect my domain from being abused by spammers and
> >   worms - that will save me from lots of bounces. (IF spf is actually
> >   used to reject messages at the SMTP level)
>
> Out of 6,900,000 DE domains, how many owners of those domains will
> be able to produce correct SPF records? How many of them will be
> able to put them into their domain?

Did you notice that IF in capital letters? Yes, that's a big if. If SPF
is never deployed to such a degree that it is actually used to reject
mail, it is useless to those who publish SPF records.

I am an egoist, however, and I don't care about the 6.9 million DE
domains (or the few hundred K AT domains), I care about my domain. If
publishing an SPF record saved me from a significant portion of bounces,
I would be happy (I'm just rather sceptical whether that will be the
case).

Yes, SPF won't make a dent in spam. It is too easy to circumvent, and it
shouldn't be touted as an "anti-spam measure". It's an anti-joe-job
measure, nothing more.

> > Mostly I think, MTA-Mark will be beneficial to business customers of
> > cable- and dsl providers. They are often in the same address block as
> > private customers, so they are increasingly blocked by DULs. If MTA mark
> > was widely deployed, DULs would become obsolete and MTA mark can be much
> > more fine-grained.
>
> MTAMARK will be most useful to protect non-dialup IP space. Dialup IP
> space probably should have port 25 outgoing blocked.

Whatever "dialup IP space" may be. Real dial-up IP space (phone line or
ISDN) is IMHO a small and decreasing problem. Dial-up users have little
bandwidth and they aren't long enough online to cause real trouble.

The problem is DSL and cable accounts. They have enough bandwidth, they
are online for many hours, often around the clock, some of them do have
static IP addresses, and they are often operated by people who don't
recognize a security problem if it jumps into their face and bites their
nose off.

However, not all of them are clueless. Some of them do know how to run a
mail server, they have a static IP address, and they prefer (for privacy
or even reliability(!) reasons) to run their own mail server. The
trouble is, you cannot currently distinguish them from their neighbours.

This is where MTAMARK comes in. If, for example, chello (I use them as
an example, because at least one of their address ranges is included in
the SORBS DUL) marks their whole IP range as "doesn't send mail" and
their customers can easily call the helpdesk and say "I want to run a
mail server - please add an MTAMARK record for my IP address", that
would be acceptable to both the customer and the provider. Blocking port
25 on a per-IP basis is probably not feasible, and generally blocking
port 25 for an address block which contains server accounts will get
them in legal trouble.

	hp

-- 
   _  | Peter J. Holzer    | I think we need two definitions:
|_|_) | Sysadmin WSR       | 1) The problem the *users* want us to solve
| |   | hjp at hjp.at      | 2) The problem our solution addresses.
__/   | http://www.hjp.at/ |    -- Phillip Hallam-Baker on spam
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg