RE: [Asrg] Re: RMX and DS Records
"Gordon Fecyk - Home" <gordonf@pan-am.ca> Wed, 05 March 2003 05:13 UTC
From: Gordon Fecyk - Home <gordonf@pan-am.ca>
To: 'Asrg' <Asrg@ietf.org>
Subject: RE: [Asrg] Re: RMX and DS Records
Message-ID: <000e01c2e2d6$3914fa30$975da18e@fecyk.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <5.1.0.14.2.20030305152123.03289950@pop3.corvu.com.au>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
Date: Tue, 04 Mar 2003 23:15:21 -0600

> >On Tuesday, March 4, 2003, at 11:10 PM, Troy Rollo wrote:
> >>This breaks automated forwarding.
> >
> >Couple solutions to that, most of which are documented pretty well in
> >Gordon's proposal (
> > http://www.pan-am.ca/draft-ietf-asrg-dsprotocol-00.txt ).
>
> Actually it says "Another document will identify similar problems and
> solutions, including mail forwarding services and the Null Sender envelope
> (MAIL FROM:<>)."

It was strongly suggested to deal with that in another document to avoid
clouding the problem that draft tries to tackle.  The above doc deals with
secondary MXes only because they're the most popular thing that DS is going
to break.

> The problem is that this approach assumes that the only significant reason
> mail with a given domain can come from a location not in a pre-authorised
> set is that it's spam.

Actually, it assumes the only reason mail with a given domain is not from an
authorized location, is that it's simply not authorized.  Whether it's spam
or not isn't immediately relevant, aside from the indirect fact that a good
chunk of spam has fake envelopes.  This protocol could also break e-mail
worms since the majority of those fake the sender envelope.

Mail forwarding is going to break no matter what proposal is adopted to
prevent domain spoofing.  I wanted to write another document to address that
very problem, but here's a preview.

Mail forwarders could modify or augment the sender envelope such as
(simplistic example):

    sender(at)example.com@forwardingservice.foo.bar

Or, it could replace (or encapsulate) the sender envelope entirely:

    (hash-of-sender-envelope)@forwardingservice.foo.bar

I can hear you all cringing at that.

Null Sender (MAIL FROM:<>) envelopes could be checked further, to ensure
that they come from an actual MTA running on a host, and not from a person,
by checking all kinds of stuff: forward DNS, rDNS, a RMX or DS record, and
whatnot.

I think spoofing's become so much of a problem that mail forwarders will
have to redesign mail forwarding.  I think that's why I've been told not to
tackle the problem in the DS document - because forwarders could come up
with their own ways to deal with it.

-- 
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
What's a PGP Key?  See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
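
The forwarding problem and the two envelope rewrites sketched in the message above, as an added example that is not part of the original post or of the DS draft. The AUTHORIZED table is a constructed stand-in for whatever an RMX/DS lookup would return, and all function names and addresses are hypothetical.

```python
import hashlib
import ipaddress

# Constructed data: which networks may send mail for which envelope domain.
# Stands in for an RMX/DS-style DNS answer; real record formats are not modelled.
AUTHORIZED = {
    "example.com": ["192.0.2.0/28"],
    "forwardingservice.foo.bar": ["198.51.100.25/32"],
}

def envelope_domain(mail_from):
    """Domain of the envelope sender: everything after the last '@'."""
    return mail_from.rsplit("@", 1)[1].lower()

def is_authorized(client_ip, mail_from):
    """Receiver-side check. True/False is a verdict, None means no verdict."""
    if mail_from == "":
        return None  # MAIL FROM:<> has no domain; the post suggests host checks
    nets = AUTHORIZED.get(envelope_domain(mail_from))
    if nets is None:
        return None  # domain publishes nothing
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def rewrite_augment(mail_from, forwarder):
    """First form from the post: sender(at)example.com@forwarder."""
    local, domain = mail_from.rsplit("@", 1)
    return f"{local}(at){domain}@{forwarder}"

def rewrite_hash(mail_from, forwarder, table):
    """Second form: (hash-of-sender-envelope)@forwarder. The forwarder keeps
    a table so a later bounce can be mapped back to the original sender."""
    digest = hashlib.sha256(mail_from.lower().encode()).hexdigest()[:16]
    table[digest] = mail_from
    return f"{digest}@{forwarder}"

def resolve_bounce(rcpt_to, table):
    """Forwarder side: original sender for a hashed address, or None."""
    return table.get(rcpt_to.rsplit("@", 1)[0])

if __name__ == "__main__":
    fwd_ip, orig, table = "198.51.100.25", "sender@example.com", {}
    print("direct from example.com:", is_authorized("192.0.2.5", orig))
    print("forwarded, envelope kept:", is_authorized(fwd_ip, orig))
    for env in (rewrite_augment(orig, "forwardingservice.foo.bar"),
                rewrite_hash(orig, "forwardingservice.foo.bar", table)):
        print(env, "->", is_authorized(fwd_ip, env))
```

After either rewrite the receiver is checking the forwarder's domain rather than example.com, so the forwarder becomes the party answerable for the message and for routing any bounce.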