nanog mailing list archives
Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)
From: Brad Knowles <brad.knowles () skynet be>
Date: Mon, 26 Aug 2002 23:41:36 +0200
At 9:12 PM +0200 2002/08/26, Jeroen Massar wrote:
> ISPs should actually block port 25 outgoing, or even better, reroute/forward it to their own mail relay.
Agreed.
> This will force people to use their upstream's email address though when sending email outbound.
Yup.
> IMHO, Paul's idea is quite a good one, but all servers will need to be upgraded, and all DNS entries installed.
I still think that it causes problems for mailing lists.
Moreover, you need to know the complete outbound path for all e-mail, from soup to nuts, so that you can add all those machines to the list of known mail-from MX entries for your domain.
I'm sorry, complete information like this just doesn't exist anymore. Knowledge like this did exist twenty or more years ago, back when there were only a few UUCP nodes. But even then, things quickly got to a point where people couldn't possibly know all possible paths between any two points, and people just listed their address from a small set of "well known" nodes.
> Unfortunately that will take some time, installing a tool like SpamAssassin/Razor etc. is much more effective even though those tools won't stop spammers.
I disagree that it would stop spammers. Even if everything else worked, all it would require is that they get more creative in faking e-mail addresses. They just have to make sure that when the mail is delivered to you, it comes through a machine that is on the list of MXes for the mail-from entry for the domain. Put a simple wildcard MX in there (and nothing else), and it should match anything.
Moreover, even if all servers on the Internet were secured in this manner and there were no open relays, it would also require perfect reverse DNS because the MXes are listed by name and not IP address -- that's assuming you do a reverse lookup on the IP address and require that the returned name is on the list.
If you do a forward lookup (taking each of the listed MXes for mail-from and looking up their IP address), that would require that no one use DNS-based or geographical-based load-balancing, because then the forward lookup on the name might not match the IP address of the sending relay.
> At least it will help a bit against one of the bigger internet "problems".
I agree with the overall IETF approach of implementing something and seeing if it works (as opposed to talking things to death), but this is a case where I fear that the proposed solution could only work in a perfect world, and even then it would have some serious problems.
-- 
Brad Knowles, <brad.knowles () skynet be>
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
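The two lookup strategies discussed in the message above (reverse lookup on the connecting IP versus forward lookup of each listed name), as an added example that is not part of the original post or of the proposal itself. It is a simplified model: the record tables, host names and addresses are constructed, and the "mail-from MX" list format is an assumption.

```python
# Simplified model of the receiver-side check discussed in the message.
# All names, addresses and record tables are constructed for illustration.

# Hypothetical "mail-from MX" list: names the domain says may send its mail.
MAILFROM_MX = {
    "example.org": ["out1.example.org", "out2.example.org", "lb.example.org"],
}

# Reverse DNS as the receiver sees it (IP -> PTR name).
# 192.0.2.20 is really out2.example.org but carries a generic ISP PTR.
PTR = {
    "192.0.2.10": "out1.example.org",
    "192.0.2.20": "host-20.isp.example.net",
    "198.51.100.7": "lb.example.org",
}

# Forward DNS as the receiver's resolver sees it (name -> A records).
# lb.example.org is geo load-balanced: this resolver is handed 203.0.113.7,
# while the relay that actually connected is 198.51.100.7.
A_RECORDS = {
    "out1.example.org": ["192.0.2.10"],
    "out2.example.org": ["192.0.2.20"],
    "lb.example.org": ["203.0.113.7"],
}


def check_reverse(domain, client_ip):
    """Accept if the PTR name of the connecting IP is on the domain's list."""
    name = PTR.get(client_ip)
    return name is not None and name.lower() in MAILFROM_MX.get(domain, [])


def check_forward(domain, client_ip):
    """Accept if any listed name resolves to the connecting IP."""
    return any(client_ip in A_RECORDS.get(name, [])
               for name in MAILFROM_MX.get(domain, []))


def evaluate(domain, client_ip):
    """Return (reverse_ok, forward_ok) for one SMTP connection."""
    return check_reverse(domain, client_ip), check_forward(domain, client_ip)


if __name__ == "__main__":
    # First three are legitimate relays of example.org; the last is not.
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.99"):
        print(ip, evaluate("example.org", ip))
```

Of the three legitimate relays, only the one with clean DNS in both directions passes both checks: the generic PTR fails the reverse check and the load-balanced name fails the forward check.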