Re: [DNSOP] Rejecting Practice for Theory (was Re: relax the requirement for PTR records?)

"Darcy Kevin (FCA)" <kevin.darcy@fcagroup.com> Thu, 14 May 2015 22:16 UTC

From: "Darcy Kevin (FCA)" <kevin.darcy@fcagroup.com>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [DNSOP] Rejecting Practice for Theory (was Re: relax the requirement for PTR records?)
Thread-Index: AQHQjh447/Wza3CzOEahdEMcbtfaj517eDYAgACIrCA=
Date: Thu, 14 May 2015 22:15:54 +0000
Message-ID: <17d59c729fcf42fda333d32c643438dd@mxph4chrw.fgremc.it>
References: <D1793352.B1839%Lee@asgard.org> <20150514081542.70a24926@casual> <55545D48.6040303@redbarn.org>
In-Reply-To: <55545D48.6040303@redbarn.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/HIDcHqG4C3cjyezfHMA6uo26MZw>
Subject: Re: [DNSOP] Rejecting Practice for Theory (was Re: relax the requirement for PTR records?)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

My 2 cents...

The presence or absence of a PTR record is, to me, like a reverse-DNS Literacy Test.  

History records that Literacy Tests didn't fare too well, as voting requirements, in the "real" (non-IT) world. In fact, they were just thin pretexts for racial bigotry, recognized as such, and eradicated. http://en.wikipedia.org/wiki/Literacy_test#voting

Do we think that a reverse-DNS Literacy Test will fare any better, as a way to ensure that only "fine, upstanding, properly-complected" TCP/IP-capable devices send mail? I'm all for combatting spam, and I'm all for populating reverse DNS, where it makes sense for certain device classes or types, but I just don't see the value of linking those things together. It's a bad marriage.

Lastly, what causes us, as a private enterprise, more heartburn in practice, is not missing PTRs, but *mismatched* PTRs (the RDATA of the PTR resolves to a *different* A/AAAA record). The compulsive drive to machine-generate PTRs, combined with sloppy maintenance processes and controls, actually exacerbates *that* problem. It would actually be better "if you can't do it right, then don't do it at all", with respect to PTR-record creation, among many of our hosting providers.

										- Kevin

-----Original Message-----
From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of Paul Vixie
Sent: Thursday, May 14, 2015 4:31 AM
To: Shane Kerr
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Rejecting Practice for Theory (was Re: relax the requirement for PTR records?)



Shane Kerr wrote:
> ...
>
> However, as far as I can tell everyone insisting that PTR is important 
> is arguing that the world would be a better place if every endpoint on 
> the Internet was equal.

if by "equal" you mean "so expensive that it won't be an open relay, won't get infected with relaying malware, will be monitored, will be upgraded, and its owner will accept complaints about it" then yes i'd argue that the world would be a better place if every endpoint on the internet was "equal".

however, it ain't so, and ain't ever gonna be so. most devices are cheap, mobile, proprietary shankware. IoT is going to accelerate that trend unimaginably (unless you have an exquisitely dark imagination.)

so, given that endpoints aren't equal, and that by sheer mass of numbers, most endpoints are dangerous to themselves and others, i'd like some method by which i, as an SMTP responder, can tell the difference.

lack of PTR, and machine-generated PTR, are pretty good telltales, just expensive in the case of machine-generated. any rules change should either make that situation better, or at minimum, not make it worse.

but i think i'm offering a minor summary-correction, in that i'm not arguing for endpoint equality. rather, i'm arguing that in the proved absence of such equality, we have other steps we MUST take as receivers.
("be liberal in what you accept" stopped being a good idea in 1995 or so when commercialization/privatization took hold.)

--
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
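
Added example, not part of either message above: a small audit that separates the cases the thread distinguishes (no PTR at all, versus a PTR whose RDATA resolves to a different A/AAAA record) for a list of addresses. The record data, host names and the extra "no-forward" status are constructed for illustration; a real audit would fill the two tables from zone transfers or resolver lookups.

```python
import ipaddress

# Constructed sample records (documentation address ranges), not real zone data.
PTR = {  # reverse-zone owner name -> PTR RDATA
    "10.2.0.192.in-addr.arpa": ["mail.example.net."],
    "11.2.0.192.in-addr.arpa": ["old-name.example.net."],
    "13.2.0.192.in-addr.arpa": ["gone.example.net."],
    ipaddress.ip_address("2001:db8::25").reverse_pointer: ["MX6.example.net."],
}
FORWARD = {  # host name -> A/AAAA RDATA
    "mail.example.net": ["192.0.2.10"],
    "old-name.example.net": ["192.0.2.99"],
    "mx6.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}


def _norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def classify(ip, ptr=PTR, forward=FORWARD):
    """Return (status, names) for one address.

    missing    - no PTR record at all
    confirmed  - some PTR target has an A/AAAA equal to the address
    mismatched - PTR targets resolve, but only to different addresses
    no-forward - PTR targets have no A/AAAA at all (status added for this example)
    """
    addr = ipaddress.ip_address(ip)
    targets = [_norm(t) for t in ptr.get(addr.reverse_pointer, [])]
    if not targets:
        return "missing", []
    confirmed, mismatched = [], []
    for name in targets:
        # Parse RDATA so differently written IPv6 text still compares equal.
        fwd = {ipaddress.ip_address(a) for a in forward.get(name, [])}
        if addr in fwd:
            confirmed.append(name)
        elif fwd:
            mismatched.append(name)
    if confirmed:
        return "confirmed", confirmed
    if mismatched:
        return "mismatched", mismatched
    return "no-forward", targets


def audit(ips):
    """Map each address to its status, for reporting on a whole address block."""
    return {ip: classify(ip)[0] for ip in ips}
```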