On Mon, 2010-02-08 at 22:08 -0500, dar...@chaosreigns.com wrote:
> You get an email delivered from 64.71.152.40 (last untrusted
> relay).  You look up the DNS A record for that IP, and get
> mail.chaosreigns.com.

That's a PTR lookup, but let's press on....

> Then you look up the DNS PTR record of 40.152.71.64.designatedsender.mail.chaosreigns.com, and if it's 127.0.0.1, it's a legit email sender and gets some negative SA score.

What you describe here is functionally similar to an SPF lookup with a 'pass' result..... The server provides positive verification that the listed IP is a legitimate sender for that domain.

> Otherwise it's not, and gets some positive SA score (low at first until adoption spreads).

As long as 'otherwise' is a definitive 'fail' response from an SPF (or equivalent) server, and not merely an absence of SPF server....

> So it's not tied to the SMTP MAIL FROM or anything.

Your method would allow 'spoofing' so that a spammer who hacks a legitimate server can use a valid return address on a different domain, but still the mail would receive a 'passing' grade. At least, with SPF, the spammer must forge an address on the hacked domain, which increases the likelihood of detection....

> Forwarding doesn't break.

Ah, so you want to allow 'legitimate' forwarding, but not allow spammers to 'forward' their mail? Good luck with that. The only way to make it work for the legitimate sender, but not for spammers is to have a mechanism built-in to the forwarding server that encapsulates or rewrites the envelope 'From' address.....

> Eventually you reject all email from IPs without such records.

In a perfect world.....

> Obviously you'd need a blacklist of spammer domains that list spamming
> IPs as legit senders.

And you would be playing the same 'musical chairs' game with new domains created by spammers on a daily basis. All the same flaws of SPF, and no greater benefit.

> Is there any way this wouldn't be very useful?

Is there any place where SPF does not do the same job, other than mail forwarding?

- Charles
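To make the proposed lookup and its blind spot concrete, here is an added example (my own code, not from either poster or from SpamAssassin) that models the check against constructed DNS data: the record names under `designatedsender.` and the host `example.net` entries are assumptions for illustration, and the check deliberately distinguishes a definitive non-127.0.0.1 answer from a missing record, which is the caveat raised above. Note that nothing about the SMTP MAIL FROM enters the function at all.

```python
import ipaddress

# Constructed sample DNS data (not real records) modelling the proposal in
# the thread: a PTR record for the last untrusted relay, and an A record
# under "designatedsender.<PTR hostname>" that resolves to 127.0.0.1.
FAKE_DNS = {
    ("PTR", "40.152.71.64.in-addr.arpa."): "mail.chaosreigns.com.",
    ("A", "40.152.71.64.designatedsender.mail.chaosreigns.com."): "127.0.0.1",
    # assumed host whose record exists but does not say 127.0.0.1: definitive fail
    ("PTR", "1.0.0.10.in-addr.arpa."): "host.example.net.",
    ("A", "1.0.0.10.designatedsender.host.example.net."): "127.0.0.2",
    # assumed host with a PTR but no designatedsender record at all: absence
    ("PTR", "2.0.0.10.in-addr.arpa."): "other.example.net.",
}


def fake_resolve(rtype, name):
    """Stand-in resolver: the record's value, or None for NXDOMAIN."""
    return FAKE_DNS.get((rtype, name))


def designated_sender_name(ip, hostname):
    """Reversed-octet label under the PTR hostname, DNSBL style."""
    rev = ipaddress.IPv4Address(ip).reverse_pointer  # "40.152.71.64.in-addr.arpa"
    octets = rev.rsplit(".in-addr.arpa", 1)[0]
    return f"{octets}.designatedsender.{hostname.rstrip('.')}."


def check_designated_sender(ip, resolve=fake_resolve):
    """Return 'pass' if the record is 127.0.0.1, 'fail' if a record exists
    but says something else, and 'none' if there is no PTR or no
    designatedsender record.  Only the relay IP is consulted; the envelope
    sender plays no part, so a compromised host with a valid record passes
    regardless of which domain appears in MAIL FROM."""
    hostname = resolve("PTR", ipaddress.IPv4Address(ip).reverse_pointer + ".")
    if hostname is None:
        return "none"
    answer = resolve("A", designated_sender_name(ip, hostname))
    if answer is None:
        return "none"
    return "pass" if answer == "127.0.0.1" else "fail"


def sa_score(verdict, pass_score=-1.0, fail_score=1.0):
    """Score only definitive answers; leave mere absence of a record at 0
    (the proposal as quoted would score absence like a fail)."""
    return {"pass": pass_score, "fail": fail_score}.get(verdict, 0.0)
```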
