On Apr 14, 2009, at 6:57 AM, Paul Vixie wrote:

>> An alternative would be to require MX records to assert SMTP
>> service. A positive assertion will not impose additional burdens
>> on root servers, but will necessitate explicit DNS provisions to
>> exchange SMTP messages. With 19 out of 20 messages being abusive
>> and largely from compromised systems, requiring a domain to assert
>> their intent to exchange public SMTP messages will encourage
>> adoption without burdening root servers with strategies sure to
>> generate extraneous traffic beyond their control.
>
> this also worries me since it makes good mail less deliverable as
> the cost of stopping blowback, and it won't slow bad mail down at all.

Reverse DNS could be placed in the same category. Reverse DNS is not
well supported on some networks. Resulting DNS timeouts reduce MTA
resources and can lead to chronic unseen failures to connect. This
does cause the loss of good email.

A domain might make exceptions to a MUST HAVE MX RR rule at their MTA
that is receiving messages from systems they monitor whenever adding
an MX RR for the domain would otherwise attract undesired email
abuse. With a required MX RR convention, not publishing the MX record
will offer greater protection from abuse for all hosts that publish IP
address records in DNS. As IPv6 becomes more widely used and Internet
use becomes more diversified, more embedded devices and networks may
be unable to endure the typical email abuse caused by backscatter or
various checks made in an effort to determine whether a domain accepts
the SMTP message traffic.

A required MX RR rule answers the question of SMTP exchange without
burdening either uninvolved hosts or roots. This rule may become a
necessity in response to poorly considered tactics often used to
defend MTAs from abuse. Passing email's burdens onto otherwise
uninvolved systems will not better defend the Internet. Publishing an
MX record would be a minor step toward increased protections and in
ensuring email delivery which most domains have already taken.

-Doug
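
The required-MX rule discussed in this message, contrasted with SMTP's fallback to address records when no MX exists, as an added example that is not part of the original post. The zone data, host names and function names are constructed for illustration.

```python
# Constructed zone data (documentation names and addresses); not real DNS answers.
ZONE = {
    "mail.example":    {"MX": [(10, "mx1.mail.example"), (5, "mx0.mail.example")],
                        "A": ["192.0.2.10"]},
    "sensor.example":  {"A": ["192.0.2.77"]},       # embedded device, address record only
    "v6cam.example":   {"AAAA": ["2001:db8::77"]},  # IPv6-only device, no MX
    "monitor.example": {"A": ["192.0.2.90"]},       # system the local operator monitors
    "nowhere.example": {},                          # no usable records
}

def lookup(domain, rrtype):
    """Stand-in resolver over ZONE; returns [] when no record exists."""
    return ZONE.get(domain.lower().rstrip("."), {}).get(rrtype, [])

def targets_implicit_mx(domain):
    """Fallback behaviour: use MX by preference, else treat address records as the target."""
    mx = lookup(domain, "MX")
    if mx:
        return [host for _, host in sorted(mx)]
    if lookup(domain, "A") or lookup(domain, "AAAA"):
        return [domain]  # the host itself becomes the mail target
    return []

def targets_required_mx(domain):
    """Rule from the message: only a published MX asserts SMTP service."""
    return [host for _, host in sorted(lookup(domain, "MX"))]

def accept_sender(domain, exceptions=frozenset()):
    """Receiving-MTA check on the envelope sender domain under the required-MX rule."""
    if targets_required_mx(domain):
        return True
    return domain.lower() in exceptions  # local exception, e.g. monitored systems

def backscatter_hosts(sender_domains, target_fn):
    """Hosts that would receive bounces for mail claiming these (possibly forged) senders."""
    hosts = set()
    for d in sender_domains:
        hosts.update(target_fn(d))
    return sorted(hosts)

if __name__ == "__main__":
    forged = ["mail.example", "sensor.example", "v6cam.example", "nowhere.example"]
    print("implicit MX :", backscatter_hosts(forged, targets_implicit_mx))
    print("required MX :", backscatter_hosts(forged, targets_required_mx))
    print("monitor.example accepted:", accept_sender("monitor.example", {"monitor.example"}))
```
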