Re: [Asrg] draft-irtf-asrg-criteria is missing Outbound MTA definition.

[Douglas Otis <dotis@mail-abuse.org>]

On Jun 29, 2009, at 11:46 PM, Danny Angus wrote:
>
> I'm not sure what this is about..
>
>> The draft should drop its current definition of Sender.  Spam does  
>> not just originate from purported RFC 5321 Senders, nor is it safe  
>> to assume that an MTA authorization referenced by an RFC 5321  
>> Sender asserts where a message was initially created and entered.   
>> Authorization does not provide this
>> property.

Please carefully review the Sender definition.  The RFC 5321 Sender  
does not indicate or assert where a message originated, or who created  
message content, be they automated system, group, or individual.  This  
mistaken concept has often been (ab)used by those promoting path  
registration as a means to authenticate originating domains.  Those  
who advocated path registration as a means to filter email soon found  
bad actors defeated these filters.   Those who expect path  
registration provides a means to authenticate originating domains will  
also find bad actors will also demonstrate this concept is also  
flawed.  Few Outbound MTAs ensure exclusive use of a domain.  It is  
also anyone's guess as to whether path registration is in regard to  
the MAIL command, or the PRA.

>> Stronger statements along the lines of scaling might be helpful.   
>> It seems increasing potential DNS transactions by an order of  
>> magnitude or more has not been given adequate consideration in some  
>> anti-spam efforts. :^(
>
> I think the statements about scaling are clear, do you not?

These statements are not strong enough.  Email is being heavily  
abused.  Every incremental overhead must be carefully reviewed as to  
its potential impact.

-Doug