Re: [Asrg] domain specific DNS blacklists (or whitelists)
Roland <list-asrg@openrbl.org> Mon, 03 March 2003 20:36 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11952 for <asrg-archive@odin.ietf.org>; Mon, 3 Mar 2003 15:36:23 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h23KkVl24261 for asrg-archive@odin.ietf.org; Mon, 3 Mar 2003 15:46:31 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h23KkVp24258 for <asrg-web-archive@optimus.ietf.org>; Mon, 3 Mar 2003 15:46:31 -0500
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11916; Mon, 3 Mar 2003 15:35:52 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h23Kj8p24147; Mon, 3 Mar 2003 15:45:08 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h23KhCp24065 for <asrg@optimus.ietf.org>; Mon, 3 Mar 2003 15:43:12 -0500
Received: from vqx.net (vqx.net [198.78.66.238]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11766 for <asrg@ietf.org>; Mon, 3 Mar 2003 15:32:33 -0500 (EST)
Received: from (AUTH: e40a9cea) by vqx.net with esmtp (courier-0.40) for <asrg@ietf.org>; Mon, 03 Mar 2003 20:31:33 +0000
Orig-Date: Mon, 03 Mar 2003 21:32:01 +0100
From: Roland <list-asrg@openrbl.org>
To: ASRG <asrg@ietf.org>
Subject: Re: [Asrg] domain specific DNS blacklists (or whitelists)
In-Reply-To: <x44r6kckw1.fsf_-_@footbone.midwestcs.com>
References: <Pine.GSO.4.10.10303021850100.11719-100000@nber1.nber.org> <20030303092027.GA3073@danisch.de> <x44r6kckw1.fsf_-_@footbone.midwestcs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-ID: <courier.3E63BBA5.00006692@msgid.vqx.net>
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Mon, 03 Mar 2003 20:31:33 +0000
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
--wayne wrote on 03.03.03 13:25 -0600: > In <20030303092027.GA3073@danisch.de> Hadmut Danisch <hadmut@danisch.de> writes: > >> > Why this is superior to Adam Filip's proposal ( >> > http://groups.google.com/groups?q=vixie+mx+records+spam&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3E18B0B3.43939A35%40Andrzej.Adam.Filip&rnum=10 >> > ) to overload the existing MX record? > > This proposal appears to overload A records, not MX records. Getting a new RR implemented into bind will likely take years, a solution based on the existing records could be much faster. The solution as presented in the posting of Andrzej Filip would reject mail from the whole NU-TLD by default, and also from any domain which has a wildcard defined: $ dig 4.3.2.1.smtp-out.anything.nu At least one should reject only if 127.0.0.2 gets returned, many dnsbl-implementations already allow to distinguish by the last octet, and there are many more mta's than sendmail. (which should be _immediately_ updated to 8.12.8 because of a dangerous remote root-compromise btw) But the current scheme of dnsbl really only works for blacklists, this application would be a whitelist by definition and the implementation requires some more work. One solution could be to reserve a magic (like 127.0.0.127 or maybe better something like 255.255.255.255) for this purpose and create some kind of standard which also may be used by other whitelists, and can be easy integrated into the code of existing dnsbl-clients. A-records are preferred because all dnsbl-clients (except rblsmtpd which only queries for TXT) already know how to look them up. Roland _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- Re: [Asrg] Re: RMX Records Derek J. Balling
- [Asrg] Re: RMX Records Daniel Feenberg
- Re: [Asrg] Re: RMX Records Hadmut Danisch
- Re: [Asrg] domain specific DNS blacklists (or whi… wayne
- Re: [Asrg] domain specific DNS blacklists (or whi… Roland
- [Asrg] Re: RMX Records Adam Back
- Re: [Asrg] Re: RMX Records Hadmut Danisch
- Re: [Asrg] Re: RMX Records Roland
- DNS is broken, and by extension so is RMX (Re: [A… Adam Back
- Re: [Asrg] Re: RMX Records Adam Back
- Re: [Asrg] Re: RMX Records Hadmut Danisch
- Re: [Asrg] Re: RMX Records Vernon Schryver
- RE: [Asrg] Re: RMX Records Gary Feldman
- [Asrg] Re: RMX Records Peter A. Friend
- Re: [Asrg] Re: RMX Records Vernon Schryver
- RE: [Asrg] Re: RMX Records Vernon Schryver
- Re: [Asrg] Re: RMX Records Hadmut Danisch
- Re: [Asrg] Re: RMX Records Derek J. Balling
- RE: [Asrg] Re: RMX Records Gary Feldman
- Re: [Asrg] Re: RMX Records Dr. Jeffrey Race
- Re: [Asrg] Re: RMX Records Alan DeKok
- False positives (was Re: [Asrg] Re: RMX Records) David F. Skoll
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Kee Hinckley
- RE: [Asrg] Re: RMX Records Vernon Schryver
- Re: [Asrg] Re: RMX Records Vernon Schryver
- Re: [Asrg] Re: RMX Records Troy Rollo
- Re: [Asrg] Re: RMX Records Derek J. Balling
- Re: [Asrg] Re: RMX Records Vernon Schryver
- Re: [Asrg] Re: RMX Records Troy Rollo
- RE: [Asrg] Re: RMX and DS Records Gordon Fecyk - Home
- Re: [Asrg] Re: RMX Records Hadmut Danisch
- Fwd: Re: [Asrg] Re: RMX Records Dr. Jeffrey Race
- Re: False positives (was Re: [Asrg] Re: RMX Recor… David F. Skoll
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Matt Sergeant
- Re: False positives (was Re: [Asrg] Re: RMX Recor… David F. Skoll
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Matt Sergeant
- Re: [Asrg] Re: RMX Records Chris Lewis
- Re: [Asrg] Good versus bad (was Re: RMX Records ) Alan DeKok
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Alan DeKok
- [Asrg] Re: False Positives Peter A. Friend
- Re: [Asrg] Good versus bad (was Re: RMX Records ) Chris Lewis
- Re: False positives (was Re: [Asrg] Re: RMX Recor… David F. Skoll
- Re: [Asrg] Good versus bad (was Re: RMX Records ) David F. Skoll
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Terry Carmen
- Re: False positives (was Re: [Asrg] Re: RMX Recor… David F. Skoll
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Chris Lewis
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Eric S. Johansson
- Re: [Asrg] Good versus bad (was Re: RMX Records ) Chris Lewis
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Chris Lewis
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Kee Hinckley
- Re: False positives (was Re: [Asrg] Re: RMX Recor… abuse
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Kee Hinckley
- Re: False positives (was Re: [Asrg] Re: RMX Recor… abuse
- Re: False positives (was Re: [Asrg] Re: RMX Recor… abuse
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Eric S. Johansson
- Re: False positives (was Re: [Asrg] Re: RMX Recor… Wilson Roberto Afonso