Re: MTX plugin functionally complete? Re: Spam filtering similar to SPF, less breakage

[mouss <mo...@ml.netoyen.net>]

Darxus@ChaosReigns.com a écrit :
> On 02/13, Matus UHLAR - fantomas wrote:
>> So the only effect of MTX should be confirmation that a machine may send
>> mail? 
> 
> Yes.
> 
>> So why the complicated check for DNS record combining DNS name and IP?
>> Why not simply requesting that machine has a "mail" or "smtp" in its DNS
>> name? 
> 
> I answered that recently.  
> 
> (I need to state that such a method would require a full circle DNS check.
> Not a problem)
> 
> 1) I am not comfortable requiring people to modify existing host names to
>    participate.
> 

fully agreed. an IP is not necessarily dedicated to mail, so there is no
reason to force people to put "mail" in it.

and snow shoe spammers already use names "that people want"...

> 2) Probably more importantly, I am concerned about the possibility of
>    spammers tricking DNS maintainers into giving them such host names.
> 
> These two problems are handled by
> http://tools.ietf.org/draft/draft-stumpf-dns-mtamark/draft-stumpf-dns-mtamark-04.txt
> which was recently mentioned by Justin Mason.
> 
> 
> The advantage MTX has over mtamark, which I believe is important, is that
> MTX ties the spam to a domain name, which is tied to a registrar, which can
> be subpoenaed for the identity of the spammer.  mtamark leaves the spam
> still only tied to the transmitting IP, which I believe is less convenient
> to track.  Especially given IP hijacking via BGP.  Nasty.
> 

did you take a look at CSA
	
http://mipassoc.org/csv/draft-ietf-marid-csv-csa-02.txt

it uses an SRV record instead of the "so-much-abused reverse dns hack".


Anyway, such approaches are only helpful if widely adopted. otherwise,
the overhead is not worth the pain.

At this time, just register your IP in DNSWL.

Re: MTX plugin functionally complete? Re: Spam filtering similar to SPF, less breakage

[Jonas Eckerman <jo...@frukt.org>]

On 2010-02-13 21:48, Darxus@ChaosReigns.com wrote:

> Looks like it ties the helo domain to the delivering IP, breaking (broken)
> forwarding just like SPF?

Tying the HELO domain to an IP has does not break forwarding. The host 
name (including domain) used in HELO is independent from the domain used 
in MAIL FROM.

(It's not that use of SPF that breaks (borken) forwarding, it's the 
limits connected to the domain used in MAIL FROM.)

Regards
/Jonas
-- 
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

Re: MTX plugin functionally complete? Re: Spam filtering similar to SPF, less breakage

[Da...@ChaosReigns.com]

On 02/13, mouss wrote:
> Darxus@ChaosReigns.com a écrit :
> did you take a look at CSA
> 	
> http://mipassoc.org/csv/draft-ietf-marid-csv-csa-02.txt

I had not, thanks.

Looks like it ties the helo domain to the delivering IP, breaking (broken)
forwarding just like SPF?

> Anyway, such approaches are only helpful if widely adopted. otherwise,
> the overhead is not worth the pain.

I disagree.  But I think you have probably already read my reasons.

> At this time, just register your IP in DNSWL.

I have provided a server since 2007, and been an admin longer.  And wrote
some stuff.  I have assigned a minor penalty to emails not matching DNSWL
for years.  A significant part of my motivation for creating MTX is the
difficulty of maintaining that list.  MTX is very much inspired by DNSWL
- it's the same, except the domain that hosts the records (and omitting
the host "category" in the third octet).  SPF and DNSWL were the two
things in my head at the time that MTX occurred to me.  The bottom of
my MTX page credits them.  http://www.chaosreigns.com/mtx/background/
goes into detail.

-- 
"I'd rather be happy than right any day."
- Slartiblartfast, The Hitchhiker's Guide to the Galaxy
http://www.ChaosReigns.com