Re: specifying which IP addresses can send mail for a domain
On Fri, Oct 10, 2003 at 03:09:54PM +1000, Russell Coker wrote: > Joel, can you please provide information on the experimental method for > specifying which IP addresses may be used to send mail from a particular > domain? The one I personally like best, at the moment, is Paul Vixie's proposal (draft-vixie-repudiating-mail-from); however, as has been pointed out, most of the active, or remotely reasonable, proposals have come under the aegis of the IETF ASRG working group, and probably belong there. None of them currently have (nor are they likely to have in the immediate future) enough weight to be terribly useful; the main benefit of the ASRG process is that we will (almost certainly) end up with one protocol blessed with full RFC status, which is a fairly major advantage in terms of convincing mail software writers and DNS maintainers to actually implement it in a widespread enough fashion that it will have noticeable impact. I favor Vixie's proposal primarily because it's simple, elegant, and it requires neither new DNS RR types, nor excessive handling of things which are documented as poor DNS practice, such as widecards. Anything requiring DNS upgrades will take at least five years, if not longer, before it is deployed in sufficient density to be meaningful - many folks still run BIND 4 based resolvers. And the merits of avoiding the use of poor DNS practices should be, well, obvious. Using one special hostname that is unlikely to be used for anything else on an operational network isn't such a high price, by comparison, and it can be implemented entirely at the application level using well-established query pathways (even resolvers that break things like wildcards are unlikely to break MX+priority information). However, as I said, I'm betting that none of them will gain much steam until the ASRG renders a decision. So we'll just have to see what comes out of it. -- Joel Baker <[EMAIL PROTECTED]>,''`. Debian GNU NetBSD/i386 porter: :' : `. `' `- pgp0.pgp Description: PGP signature
Re: specifying which IP addresses can send mail for a domain
On Oct 10, Russell Coker <[EMAIL PROTECTED]> wrote: >The method in question has never taken off because of lack of application >support. If we make all mail servers in Debian support it then that could be >what is needed to make it a success. I would be happy to devote some coding >time to this if it can result in a net reduction of SPAM. Sadly it's more complex than this. Protocols like SPF (http://spf.pobox.com/, which I believe is the best of them) did not take off because of multiple reasons. If you are seriously interested in this then I suggest you look at the past threads on SPAM-L and the other appropriate forums. -- ciao, | Marco | [2322 mi/eMbJhFdzPI] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
specifying which IP addresses can send mail for a domain
Joel, can you please provide information on the experimental method for specifying which IP addresses may be used to send mail from a particular domain? The method of using DNS to specify that only certain IP address ranges may send mail purporting to be From: your domain has the potential to offer significant benefits for spam blocking as well as allowing us to reduce our reliance on other methods (eg the contentious services such as dynablock.easynet.nl which get debated on these lists). I would be happy to configure my servers to avoid checking the dial-up lists if such a method could be used instead, and I think that this would make a lot of people happy. The method in question has never taken off because of lack of application support. If we make all mail servers in Debian support it then that could be what is needed to make it a success. I would be happy to devote some coding time to this if it can result in a net reduction of SPAM. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]