Re: [Asrg] seeking comments on new RMX article
Mike Rubel <asrg@mikerubel.org> Tue, 06 May 2003 04:32 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA26405 for <asrg-archive@odin.ietf.org>; Tue, 6 May 2003 00:32:44 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h464f3E00945 for asrg-archive@odin.ietf.org; Tue, 6 May 2003 00:41:03 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h464f2800942 for <asrg-web-archive@optimus.ietf.org>; Tue, 6 May 2003 00:41:02 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA26396; Tue, 6 May 2003 00:32:13 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Cu9j-00034Z-00; Tue, 06 May 2003 00:34:19 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Cu9j-00034R-00; Tue, 06 May 2003 00:34:19 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h464ch800831; Tue, 6 May 2003 00:38:44 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h464bS800740 for <asrg@optimus.ietf.org>; Tue, 6 May 2003 00:37:28 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA26346 for <asrg@ietf.org>; Tue, 6 May 2003 00:28:38 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Cu6G-000343-00 for asrg@ietf.org; Tue, 06 May 2003 00:30:44 -0400
Received: from cable-modem-221.caltech.edu ([131.215.184.221] helo=tamale.caltech.edu) by ietf-mx with esmtp (Exim 4.12) id 19Cu65-00033y-00 for asrg@ietf.org; Tue, 06 May 2003 00:30:33 -0400
Received: from localhost (localhost [127.0.0.1]) by tamale.caltech.edu (Postfix) with ESMTP id E5094F830; Tue, 6 May 2003 00:30:22 -0400 (EDT)
From: Mike Rubel <asrg@mikerubel.org>
X-X-Sender: mrubel@tamale.caltech.edu
To: Vernon Schryver <vjs@calcite.rhyolite.com>
Cc: asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
In-Reply-To: <200305060148.h461mSbr029489@calcite.rhyolite.com>
Message-ID: <Pine.LNX.4.44.0305051946590.11255-100000@tamale.caltech.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Mon, 05 May 2003 21:30:22 -0700
VS> Because those networks are dynamically addressed, an ISP with users on VS> networks that allows third party sending (including AOL, Yahoo, and VS> Hotmail) must set their RMX 'bits' to say "authorized" for all addresses VS> in such a network. Vernon, If AOL, Yahoo, or Hotmail wanted to implement RMX, they would cease to allow third party sending; senders would have to send the mail through the official relays (which is the way it's normally done anyway). If an organization doesn't want to forward through one of a limited number of outbound relays, it would not adopt RMX. Right now, a lot of people are blocking all mail claiming to come from AOL, Yahoo, or Hotmail. This is a big problem for those sites, and it's not their fault, since the spam that arrives "from" them is all forged. RMX would give these sites the ability to earn (or spurn) their reputations as honorable, spam-diligent netizens on their own terms. VS> The only fix is to prohibit sending from any mail systems but those VS> of the ISP that owns the IP address. However, if you want to enforce VS> that rule, you don't need any new RMX or other bits. You need only VS> compare reverse DNS and envelope sender domain names. (Yes, reverse VS> DNS can be faked, but that can be reasonably reliably detected by VS> doing an extra forward lookup of the reverse name.) (Yes, in some VS> cases you must do a little more than just comparing the PTR and A RRs, VS> such as fetching all PTR RRs or all A RRs for the PTR name.) Right, except that right now, if I'm a recipient, I can't reject email on the basis that it doesn't come from a machine in the sender's netblock. That's because, a lot of sites (including mine) use the lazy man's solution: send directly from localhost, because there's no reason not to. But RMX gives us a reason to change: by posting RMX records, I'd be saying to the world, "I am choosing to send my mail only from my official relays, and here they are--if you get mail from anywhere else, rest assured that it's a forgery!" > If only 0.2% of canvassers or your incoming email have an ID, would > you bother checking? Depends who it is. If the person claims to be an agent from my bank, or the government, or a business partner, then damn straight I'd check the ID. A better analogy in this case is that I'd actually call up the sender's organization and verify that the person at my door was one of their agents. Not a completely foolproof check, but pretty good. Not everyone has to be using RMX to make it useful. > > Today, as a domain owner, I have no way of telling people 'Mail from my > > domain will only come from these IPs. Any other source is a forgery.' > > Wouldn't be simpler to tell everyone to compare your sender domain name > with your reverse DNS? That's basically all RMX is! It's an organized way for you to tell recipients, "Hey, go ahead and check my reverse DNS--I've actually configured my system in such a way that checking it will be meaningful." > Do you run sendmail with more than 10,000 messages/day and if so, do > you turn on IDENT? My guess is if you answer the first "yes," then > you answer the second "no," because you don't like the costs (especially > delays) of IDENT given its near uselessness against spam or other abuse. > Since the worst spammers (proxy abuses) can have good RMX bits, why > would you bother with extra DNS chatter to get RMX bits? Is your argument is that IDENT is useless against spam, therefore RMX is useless against spam? They're completely different animals... > It looks like your message came from CalTech. Has CalTech never had > a spammer or an open relay? Are you confident that you know and will > continue to know the IP addresses of CalTechs outgoing mail servers? > If you fail to authorize the right address, the RMX idea would have > your mail bounce. If you configured the RMX bits for mikerubel.org > to authorize all 65534 addresses in 131.215.0.0/16, you'd be vulnerable > to any spammer or open relay at CalTech. (Never mind that I can't > find an A or MX RR for mikerubel.org just now, so by RMX-like thinking, > your message should have been rejected.) If RMX were available, I would use it. Caltech's mail servers are only relevant for the .caltech.edu domain, which would set its own RMX records; they have no bearing on mail sent from mikerubel.org. I control the DNS records on the latter. The fact that it's currently part of 131.215/16 is irrelevant. If I were using RMX records for mikerubel.org, then any message you receive from me would arrive from 131.215.118.32/32, or be a forgery. If caltech were using RMX records, then any message from .caltech.edu would arrive from one of the designated outbound caltech mail servers. When you want to send mail to an address at caltech.edu, you look up its MX records and send to one of those; you don't send to just any machine at 131.215/16. Why should receiving mail from caltech.edu be any different? > So you would prohbit sendmail mail except from the mail systems of the > sending domain? If so, why bother with RMX? Why not just enforce matches > between reverse DNS and sending domain? Exactly! RMX records give mail systems a reason to shunt all of their mail through a few specific servers. Think about the migration path--if we just start checking reverse DNS now, it usually won't work (because a lot of sites don't follow the convention). By introducing a new resource record, you give sites a way to declare that they are now following that convention. So... have I sold you on RMX records yet? :) Mike _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Scott Nelson
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Scott Nelson
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Sauer, Damon
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Scott Nelson
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- Re: [Asrg] seeking comments on new RMX article Daniel Feenberg
- [Asrg] RMX and Privacy Yakov Shafranovich
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Scott Nelson
- Re: [Asrg] seeking comments on new RMX article Daniel Feenberg
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] seeking comments on new RMX article David Walker
- [Asrg] Misunderstandings... Alan DeKok
- [RANT] RE: [Asrg] seeking comments on new RMX art… Sauer, Damon
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] seeking comments on new RMX article Damian Gerow
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] RMX and Privacy Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Damian Gerow
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Steven F Siirila
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Claus Assmann
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- [Asrg] Is there anything good enough? Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- Re: [Asrg] seeking comments on new RMX article Barry Shein
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- RE: [Asrg] seeking comments on new RMX article Yakov Shafranovich
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Eric Brunner-Williams in Portland Maine
- [Asrg] RMX example Hadmut Danisch
- [Asrg] Willfull and intentional misunderstandings Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Bob Atkinson
- Re: [Asrg] Willfull and intentional misunderstand… Dave Crocker
- Re: [Asrg] Willfull and intentional misunderstand… Michael Rubel
- Re: [Asrg] Willfull and intentional misunderstand… Damian Gerow
- Re: [Asrg] Willfull and intentional misunderstand… Dave Crocker
- Re: [Asrg] Is there anything good enough? Barry Shein
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] Willfull and intentional misunderstand… Damian Gerow
- Re: [Asrg] seeking comments on new RMX article Barry Shein
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] Willfull and intentional misunderstand… Barry Shein
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Bob Atkinson
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- RE: [Asrg] seeking comments on new RMX article Bob Atkinson
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Yakov Shafranovich
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] Willfull and intentional misunderstand… Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Yakov Shafranovich
- Re: [Asrg] Willfull and intentional misunderstand… Hadmut Danisch
- Re: [Asrg] rhetoric style Hadmut Danisch
- Re: [Asrg] rhetoric style Jon Kyme
- Re: [Asrg] rhetoric style J C Lawrence
- RE: [Asrg] seeking comments on new RMX article Kee Hinckley
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] rhetoric style Ken Hirsch
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Consent (was Re: [Asrg] seeking comments on new R… Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- Re: Consent (was Re: [Asrg] seeking comments on n… J C Lawrence
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: Consent (was Re: [Asrg] seeking comments on n… Alan DeKok
- Re: [Asrg] Is there anything good enough? - Spoof… Barry Shein
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- RE: [Asrg] seeking comments on new RMX article Hallam-Baker, Phillip
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- RE: [Asrg] Willfull and intentional misunderstand… Tom Thomson
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [MLIST] Re: [Asrg] Is there anything good eno… David Walker
- Re: [Asrg] Willfull and intentional misunderstand… Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Hallam-Baker, Phillip
- Re: [Asrg] Is there anything good enough? - Spoof… Mike Rubel
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article waltdnes
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- RE: [Asrg] seeking comments on new RMX article Tom Thomson