Re: [Asrg] Re: RMX Records

Hadmut Danisch <hadmut@danisch.de> Tue, 04 March 2003 09:30 UTC

From: Hadmut Danisch <hadmut@danisch.de>
To: Adam Back <adam@cypherspace.org>
Cc: asrg@ietf.org
Subject: Re: [Asrg] Re: RMX Records
Message-ID: <20030304092839.GA1965@danisch.de>
References: <20030304000807.A4309027@exeter.ac.uk>
Date: Tue, 04 Mar 2003 10:28:39 +0100

On Tue, Mar 04, 2003 at 12:08:07AM +0000, Adam Back wrote:
> Hadmut Danisch wrote:
> > Even when I'm on the road and using a foreign ISP on the other side
> > of the world, I always drop my email to the very same relay machine,
> > simply because that's easier. My notebook doesn't need to bother with
> > DNS queries and temporarily unavailable peers.  I drop all my
> > outgoing mail to central host, and this host is doing the job.
> 
> That doesn't generally work because the mail hub will tend to reject
> mail so sent because you're coming from a different ISP.  eg. sales
> person uses aol.com, earthlink.net (or other international ISP) drops
> off mail at mail.foo.com mail hub, and if the mail hub isn't vulnerable
> to the open relay problem, it will reject the mail.


Hmm, I silently presumed that everybody is aware that we don't
have an open relay. The machine supports several kinds of
authentication through STARTTLS and SASL. You can drop mail only
if you authenticated before. 

(I don't even use SMTP to drop my mail. All mail sent from home
(DSL with dynamic IP) or when I'm on the road is exchanged with
the central Mail hub through BSMTP/UUCP over SSL. That's much 
faster, more secure and more robust than plain SMTP.)

> The other problem with RMX is that it relies on DNS which itself has
> horrendous security vulnerabilities due to inherent limitations in the
> protocol.  RMX inherits them and so is inherently easy to spoof and
> bypass.  See for example: http://www.securityfocus.com/guest/17905
> for a good survey paper on DNS vulnerabilities.


Agreed, but we won't get rid of DNS here, and in the context of 
mail transfer we need DNS anyway. Fixing the security problems of 
DNS is the task of another IETF working group. We shouldn't try
to improve the whole world, but focus on spam.

> Also I'm not sure as another poster noted how much it even helps:
> disposable ISP free accounts (AOL CD syndrome) are a major source,
> with RMX the problem is not even improved.

I don't see the problem. If anyone uses such a CD, she is still 
limited to the aol domain and can't send e.g. as @hotmail.com or
@danisch.de. 

Furthermore, I see the end of the AOL CD era coming for several
reasons. First is, that people are throwing their modems and 
ISDN cards away and are running to have a DSL account. Sales
of modems and ISDN cards have dramatically decreased. That's the
end of those AOL CDs.

Second is, under German - and I believe under European - law 
ISPs are required to state their customers' identity. I guess
the same will come in the USA after 9/11. It will become
more and more difficult to have anonymous access to the internet.


Third, when a thing like RMX comes to fly, anonymous customers
will have to find an RMX covering the AOL addresses in order to 
send spam. There will be very few domains doing so, maybe just
aol.com. If AOL goes on with supporting spam, they will be 
blacklisted (which is effective in this case). They will have
to solve the problem.

regards
Hadmut
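
The receiver-side check argued for above (a throwaway-account sender can use the provider's own domain but not @hotmail.com or @danisch.de), sketched as an added example that is not part of the original message or of the RMX proposal. The record table is a constructed stand-in for DNS lookups (the RMX record syntax is not shown in this message), the networks are documentation ranges rather than the domains' real addresses, and the result names are this example's own.

```python
import ipaddress

# Constructed stand-in for DNS: envelope-sender domain -> networks allowed to
# emit mail for it. TEST-NET ranges, not the real addresses of these domains.
AUTHORIZED_NETS = {
    "aol.com": ["192.0.2.0/24"],         # provider's dial-up / relay pool
    "hotmail.com": ["198.51.100.0/25"],
    "danisch.de": ["203.0.113.17/32"],   # a single central mail hub
}

def sender_domain(mail_from):
    """Return the lower-cased domain of an SMTP MAIL FROM value, or None."""
    addr = mail_from.strip().strip("<>")
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return None                      # null reverse-path "<>" or malformed
    return domain.rstrip(".").lower()

def rmx_check(client_ip, mail_from, lookup=AUTHORIZED_NETS.get):
    """Classify one SMTP session by connecting IP and envelope sender."""
    domain = sender_domain(mail_from)
    if domain is None:
        return "no-sender"               # bounce: nothing to authorize against
    nets = lookup(domain)
    if nets is None:
        return "no-record"               # domain publishes no authorization
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n) for n in nets):
        return "pass"
    return "fail"                        # claimed domain does not cover this IP

# Constructed sessions: (connecting IP, MAIL FROM)
SESSIONS = [
    ("192.0.2.44", "<someone@aol.com>"),       # provider customer, own domain
    ("192.0.2.44", "<someone@hotmail.com>"),   # same host claiming another domain
    ("192.0.2.44", "<someone@danisch.de>"),
    ("203.0.113.17", "<someone@DANISCH.DE>"),  # central hub, case-insensitive
    ("192.0.2.44", "<user@unlisted.example>"),
    ("192.0.2.44", "<>"),
]

def classify_all(sessions=SESSIONS):
    return [rmx_check(ip, sender) for ip, sender in sessions]

if __name__ == "__main__":
    for (ip, sender), verdict in zip(SESSIONS, classify_all()):
        print(f"{ip:15} {sender:28} {verdict}")
```

The lookup inherits whatever trust the DNS answer deserves, which is the objection quoted earlier in the thread; the "no-record" and "no-sender" outcomes are left to receiver policy.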

