> On 02/16, Marc Perkel wrote: > > I'm still waiting for RDNS to be widely adopted enough to penalize for > > that. There is a lot of good email that comes from misconfigured > > servers. If we can't get the world to do good RDNS I don't think we can > > get the world to do some other more complex scheme.
On 16.02.10 15:31, dar...@chaosreigns.com wrote: > If valid RDNS were a usefully unforgable way to detect spam, I like to > think there would be more of a push to straighten it out. But spammers > have quite a lot of IPs to use with valid RDNS already. > > So I think requiring it for something that has a better chance of blocking > spam has a better chance of getting RDNS set up properly. At least some spammers tend to adapt, SPF might be a good example (no, they did not epxloit it, they only exploited people who misunderstood SPF). Why do you think that more regular admins than spammers will adapt onto this scheme? >From this point of view, MTX is very similar to Spamhaus PBL - they indent to mark IPs that are either supposed to send mail (MTX) or _not_ supposed to send mail (PBL). Since not all of admins trust PBL (and SPF, DKIM) at SMTP level, I'm not sure wheter they will trust MTX at this level. There can always be some idiot trying to deliver his "correct" mail from braindeadly broken mail client through misconfigured mail server from an IP without rdns, listed in every possible blacklist, and admin who thinks this is a good reason not to trust any of those spam signs. > On 02/16, Marc Perkel wrote: > > I'm looking over your MTX site and like SPF I don't understand how it > > stops spam. Thanks for at least addressing in part the email forwarding > > issue. > > To take an example off the end of my log file: I think we even do not need examples. MTX mark should clearly indicate which host is supposed to send mail and which is not. MTX depends on both reverse and direct domain, which means you need to have access to both to provide valid MTX record. This also means that changing either reverse or forward DNS name will invalidate existing MTX record, which I believe is correct for positive (may send mail) records, but imho it's incorrect for negative (may not send mail) records. It also means that setting up MTX is a bit harder and less error-prone. > > In order to be a white list you have to do something spammers can't do. > > That's why a blacklist of spammers using MTX is necessary. Blackists are necessary in all ways imho. While correct SPF/DKIM reduces the need for blacklists/whitelists to domain _name_, lists like PBL/DNSWL reduce that to IP addresses. MTX attepts to do both, while not attempting to solve the forging problem that is addressed by SPF/DKIM. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Save the whales. Collect the whole set.
