dar...@chaosreigns.com a écrit : > On 02/13, Matus UHLAR - fantomas wrote: >> So the only effect of MTX should be confirmation that a machine may send >> mail? > > Yes. > >> So why the complicated check for DNS record combining DNS name and IP? >> Why not simply requesting that machine has a "mail" or "smtp" in its DNS >> name? > > I answered that recently. > > (I need to state that such a method would require a full circle DNS check. > Not a problem) > > 1) I am not comfortable requiring people to modify existing host names to > participate. >
fully agreed. an IP is not necessarily dedicated to mail, so there is no reason to force people to put "mail" in it. and snow shoe spammers already use names "that people want"... > 2) Probably more importantly, I am concerned about the possibility of > spammers tricking DNS maintainers into giving them such host names. > > These two problems are handled by > http://tools.ietf.org/draft/draft-stumpf-dns-mtamark/draft-stumpf-dns-mtamark-04.txt > which was recently mentioned by Justin Mason. > > > The advantage MTX has over mtamark, which I believe is important, is that > MTX ties the spam to a domain name, which is tied to a registrar, which can > be subpoenaed for the identity of the spammer. mtamark leaves the spam > still only tied to the transmitting IP, which I believe is less convenient > to track. Especially given IP hijacking via BGP. Nasty. > did you take a look at CSA http://mipassoc.org/csv/draft-ietf-marid-csv-csa-02.txt it uses an SRV record instead of the "so-much-abused reverse dns hack". Anyway, such approaches are only helpful if widely adopted. otherwise, the overhead is not worth the pain. At this time, just register your IP in DNSWL.
