IETF Logo Mail Archive

Re: [Asrg] seeking comments on new RMX article

Mike Rubel <asrg@mikerubel.org> Sun, 04 May 2003 19:51 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA05698 for <asrg-archive@odin.ietf.org>; Sun, 4 May 2003 15:51:12 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h44Jwo028047 for asrg-archive@odin.ietf.org; Sun, 4 May 2003 15:58:50 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h44Jwo828044 for <asrg-web-archive@optimus.ietf.org>; Sun, 4 May 2003 15:58:50 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA05694; Sun, 4 May 2003 15:50:41 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19CPXU-00025j-00; Sun, 04 May 2003 15:52:49 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19CPXU-00025g-00; Sun, 04 May 2003 15:52:48 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h44Jv6828022; Sun, 4 May 2003 15:57:06 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h44Ju3827991 for <asrg@optimus.ietf.org>; Sun, 4 May 2003 15:56:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA05669 for <asrg@ietf.org>; Sun, 4 May 2003 15:47:39 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19CPUY-00025Z-00 for asrg@ietf.org; Sun, 04 May 2003 15:49:46 -0400
Received: from cable-modem-221.caltech.edu ([131.215.184.221] helo=tamale.caltech.edu) by ietf-mx with esmtp (Exim 4.12) id 19CPUO-00025U-00 for asrg@ietf.org; Sun, 04 May 2003 15:49:36 -0400
Received: from localhost (localhost [127.0.0.1]) by tamale.caltech.edu (Postfix) with ESMTP id E244EF830; Sun, 4 May 2003 15:49:22 -0400 (EDT)
From: Mike Rubel <asrg@mikerubel.org>
X-X-Sender: mrubel@tamale.caltech.edu
To: Dave Crocker <dhc@dcrocker.net>
Cc: asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
In-Reply-To: <197812365059.20030504065659@brandenburg.com>
Message-ID: <Pine.LNX.4.44.0305041229240.8096-100000@tamale.caltech.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Sun, 04 May 2003 12:49:22 -0700

MR> I have written a new article to help explain RMX records, and would
MR> sincerely appreciate any feedback or comments you might have on it.  The
MR> article here can be found here:

DC> The premise of the scheme is in the following text:

	Detecting a forgery begins by realizing that email systems never
	legitimately use third-party relays anymore.

Dave,

Thank you very much for writing!

I must respectfully disagree; this is emphatically not the premise of the
scheme.

The sentence you cite comes from the section on how present-day forgery
detection works.  If you read on, about two paragraphs below, I write:

	The problem with the forgery check just described is that while
	<em>most</em> sites obey this convention, there is no shortage of
	exceptions and marginal cases.  One issue is that small sites
	sometimes use their hosting company's mail server, and the
	business relationship might not be obvious from whois records.
	Also, some organizations do not (yet) provide remote
	authenticated SMTP services for traveling members, relying
	instead on laptops which send their messages directly.
	
	However, there is a way to make the forgery check robust, which
	we shall now demonstrate by way of example.

It is not until after this point that RMX records are introduced.

In order to make this point clearer, I have added the text:

	(certain exceptions to this rule, discussed below, are the reason
	forgery detection is currently an inexact science)

immediately after the phrase you cite.

Does that make it clearer?

Thanks again--

Respectfully yours,
Mike

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email