Re: [Asrg] overloading server names doesn't work, was who has the message

Daniel Feenberg <feenberg@nber.org> Tue, 09 February 2010 12:12 UTC

Return-Path: <feenberg@nber.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE52E3A754A for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 04:12:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.462
X-Spam-Level:
X-Spam-Status: No, score=-6.462 tagged_above=-999 required=5 tests=[AWL=0.136, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y2ooK6YQcXfg for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 04:12:27 -0800 (PST)
Received: from mail2.nber.org (mail2.nber.org [66.251.72.79]) by core3.amsl.com (Postfix) with ESMTP id E85353A71A3 for <asrg@irtf.org>; Tue, 9 Feb 2010 04:12:26 -0800 (PST)
Received: from nber6.nber.org (nber6.nber.org [66.251.72.76]) by mail2.nber.org (8.14.3/8.13.8) with ESMTP id o19CDK2Q072607 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT); Tue, 9 Feb 2010 07:13:21 -0500 (EST) (envelope-from feenberg@nber.org)
Received: from nber6.nber.org (localhost [127.0.0.1]) by nber6.nber.org (8.13.8+Sun/8.12.10) with ESMTP id o19CBxpE019204; Tue, 9 Feb 2010 07:11:59 -0500 (EST)
Received: from localhost (Unknown UID 1079@localhost) by nber6.nber.org (8.13.8+Sun/8.13.8/Submit) with ESMTP id o19CBw8b019201; Tue, 9 Feb 2010 07:11:59 -0500 (EST)
X-Authentication-Warning: nber6.nber.org: Unknown UID 1079 owned process doing -bs
Date: Tue, 09 Feb 2010 07:11:58 -0500
From: Daniel Feenberg <feenberg@nber.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-Reply-To: <alpine.BSF.2.00.1002082110250.10191@simone.lan>
Message-ID: <Pine.GSO.4.64.1002090709480.19196@nber6.nber.org>
References: <20100209012039.98092.qmail@simone.iecc.com> <4B70BCCB.5020405@dcrocker.net> <alpine.BSF.2.00.1002082110250.10191@simone.lan>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE, bases: 20100208 #3451979, check: 20100209 clean
Cc: dcrocker@bbiw.net
Subject: Re: [Asrg] overloading server names doesn't work, was who has the message
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2010 12:12:29 -0000

On Mon, 8 Feb 2010, John R Levine wrote:

>>> ISP in the UK.  Can you describe the DNS changes needed if they were
>>> publishing a spam button address?
>>> $ dig  mail.btinternet.com a
>>> ;; ANSWER SECTION:
>>> mail.btinternet.com.    600     IN      CNAME 
>>> pop-smtp.bt.mail.yahoo.com.
>>> pop-smtp.bt.mail.yahoo.com. 1800 IN     CNAME 
>>> pop-smtp.bt.mail.fy5.b.yahoo.com.
>>> pop-smtp.bt.mail.fy5.b.yahoo.com. 300 IN A      217.12.13.134
>>> pop-smtp.bt.mail.fy5.b.yahoo.com. 300 IN A      217.146.188.192
>> 
>> I don't hack DNS records enought to be sure, but it appears to need exactly 
>> one new record:
>> 
>> _report.pop-smtp.bt.mail.fy5.b.yahoo.com IN TXT   abuse-report@yahoo.com
>
> Nope, that won't work.  CNAMEs don't do a partial match.
>
>> _report.pop-smtp.bt.mail.fy5.b.yahoo.com IN TXT   abuse-report@yahoo.com
>> _report.pop-smtp.bt.mail.yahoo.com IN TXT   abuse-report@yahoo.com
>> _report.mail.btinternet.com IN TXT   abuse-report@yahoo.com
>
> That won't work, either.  You can't have DNS records below a CNAME.
>
> By the way, I was wrong about SRV records.  This DNS hack just doesn't work, 
> but it won't work much more elegantly with RP records.  See RFC 1183.
>

What is the objection to attaching the TXT record to the A record? I 
realize that it means that a single arf-reporting system must serve 
several CNAMEs, but that is a common requirement for many network 
services, and I rarely see complaints about it.

Daniel Feenberg

> Regards,
> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
> "I dropped the toothpaste", said Tom, crestfallenly.
> _______________________________________________
> Asrg mailing list
> Asrg@irtf.org
> http://www.irtf.org/mailman/listinfo/asrg
>