Re: [Asrg] draft-irtf-asrg-criteria (was Re: request for review for a non FUSSP proposal)

[Douglas Otis <dotis@mail-abuse.org>]

On Jun 25, 2009, at 10:40 AM, J.D. Falk wrote:

> Danny Angus wrote:
>
>> I tried some time ago to articulate some tests which any proposal  
>> ought
>> to at least acknowledge, which you can find here..
>> http://www.killerbees.co.uk/draft-irtf-asrg-criteria-00.html
>>
>> You may find them helpful.
>
> Nicely done; I think this could be the start of a very useful  
> document.  Any interest in starting up work on it again?
>
> First steps could be:
> - update terminology to match draft-crocker-email-arch
> - include some examples taken from other RFCs, both successful and  
> non-

This draft overlooked an important area.  It assumes a viable and  
scaleable means to identify initial senders when confronting massive  
levels of abuse.  Simply put, without a two tier approach to abuse  
that begins by identifying outbound MTAs, email will not remain  
viable.  This paper overlooks that need.

- Include a means for efficient and efficacious host name  
identification and domain level authorization of systems granting  
access for outbound public (non-authenticated port 25) SMTP messages.

Even reverse DNS queries often impose a too great of a burden on  
resources due to bot-net related abuse. :^(

Reducing the number of systems that need vetting are best consolidated  
by identifying the outbound MTA explicitly signified as providing this  
service within the forward facing name space.  A means to explicitly  
facilitate this function becomes more necessary with increased  
inclusion of IPv6 and further growth of bot-nets.  Once outbound MTAs  
provide stable and specific identifications within the domain name  
space, the immediate vetting this allows provides a much needed  
reduction on the resource burdens imposed upon SMTP by abuse.   These  
schemes should also not cause undue burden on DNS either.

-Doug