Re: [Asrg] seeking comments on new RMX article

Vernon Schryver <vjs@calcite.rhyolite.com> Tue, 06 May 2003 23:17 UTC

From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305062314.h46NEEh2013725@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
References: <Pine.LNX.4.44.0305061116370.26036-100000@entropy.galcit.caltech.edu>
Date: Tue, 06 May 2003 17:14:14 -0600

> From: Michael Rubel <asrg@mikerubel.org>

> ...
> VS> Yes, I did not realize that RMX was based on the notion that I've
> VS> previously characterized as stuffing the Internet back into the old
> VS> big BBS model favored by AOL. ...

> ...
> The effect of RMX is to give domain owners a way to prevent third parties
> from making email appear to come from them. 

That is the intended effect of RMX, but it is not the only effect.

>                                              It has no bearing on who owns
> or operates domains.  Nor does it, so far as I can tell, "forc[e] users to
> pick an ISP and stick to it."  Any ISP capable of getting the packets to and
> from your mail servers will do.

That is mistaken, unless you assume a big-BBS model in which individual
computers are dumb terminals connected to a single big BBS style ISP.
Whether you use other raw connectivity ISPs or a dialup modem through the
telephone system to reach the big BBS ISP is irrelevant to the big
BBS style of Internet you posit.

The common mode that you would outlaw is where people send from one
IP address with an unrelated envelope Mail_From value.  For example,
many people configure their computers at work to send with an envelope
and header value of a mailbox at a free provider.  They do this to
avoid entanglements between their words and their employer.  Because
they are not named Bill Gates, they can't get Hotmail's RMX data to authorize
their sending IP address, if they know it, which may be literally
impossible because of NAT.

Another common case involves people traveling.  If you plug your laptop
into the network of a hotel or one of your consulting clients, you
might prefer to use an envelope and From header address at your home
systems instead of room1234@losangeles.merriot.com or guest@example.com.


> VS> Have you considered Paul Vixie's version of RMX?  Given the premise
> VS> of requiring users to have a "home sending MTA," why isn't Paul's the
> VS> obvious and only reasonable instantiation of the idea?  What do new
> VS> RRs buy that do not come from MX records, except a lot of problems?
>
> If I understand his proposal correctly (and with all due respect to Paul),
> the main problem is that a lot of domains don't obey this convention yet,
> and you have no way to know which ones do and which ones don't.  So you
> can't make very strong decisions based on it.  That's why you accept email
> from cyndi@hotmail.com, even if it obviously arrives from a third-party IP
> address.
>
> RMX records give us an upgrade path--a domain declares that it now conforms
> to this convention by setting up an RMX record.

There are several problems with that reasoning.  
  - it assumes that Hotmail will ever have RMX records.  Because having
      RMX records would drive away a significant number of Hotmail's
      users, you'll always have to decide to accept mail from cyndi@hotmail.com

  - it assumes that you can't already decide to accept mail with Hotmail
      sender addresses only if it comes from a Hotmail SMTP client.  In
      fact it is common to check that the source of Hotmail mail is
      Hotmail.

  - for a long time, very few systems will have RMX records, so
      upgrade paths are irrelevant.

  - if you want to mark systems that follow Paul's convention so that
      you know which don't, you could pick a large MX preference that
      is extremely unlikely to be used for anything today.  For
      example, I bet that among the millions of MX RRs today, none
      has the preference 65391.


Vernon Schryver    vjs@rhyolite.com
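
An added illustration (not code from this message or from either proposal) of the receiver-side check that the marker-preference idea in the last bullet implies, including the roaming-sender and no-declaration cases raised above. The zone data, the function name and the rule that every MX host of an opted-in domain counts as an authorized sender are assumptions.

```python
import ipaddress

# Preference value the message suggests as an opt-in marker.
MARKER_PREF = 65391

# Constructed zone data (documentation names and addresses) standing in for DNS.
MX = {
    # Opted in: carries the marker, so its MX hosts are declared as its senders.
    "example.org": [(10, "mx1.example.org"), (MARKER_PREF, "mx1.example.org")],
    # Ordinary domain: no marker, so it makes no declaration at all.
    "example.net": [(10, "mail.example.net")],
}
A = {
    "mx1.example.org": ["192.0.2.25"],
    "mail.example.net": ["198.51.100.25"],
}


def check_sender(mail_from, client_ip):
    """Classify an SMTP client against the envelope sender's domain.

    Returns "pass", "fail" or "unknown". An empty envelope sender (bounces)
    has no domain and is therefore always "unknown".
    """
    domain = mail_from.rsplit("@", 1)[-1].lower().rstrip(".")
    records = MX.get(domain, [])
    if not any(pref == MARKER_PREF for pref, _ in records):
        # No marker: the receiver cannot tell a forgery from a legitimate
        # third-party sender, so no strong decision is possible.
        return "unknown"
    ip = ipaddress.ip_address(client_ip)
    for _, host in records:
        if any(ip == ipaddress.ip_address(addr) for addr in A.get(host, [])):
            return "pass"
    # Opted-in domain, unlisted client: a forger and a travelling user who
    # sends directly from a hotel network look identical here.
    return "fail"


if __name__ == "__main__":
    for sender, ip in [
        ("alice@example.org", "192.0.2.25"),    # domain's own MTA
        ("alice@example.org", "203.0.113.77"),  # roaming laptop or forgery
        ("bob@example.net", "203.0.113.77"),    # domain never opted in
        ("", "192.0.2.25"),                     # null sender
    ]:
        print(repr(sender), ip, check_sender(sender, ip))
```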