nanog mailing list archives

Re: Fun new policy at AOL
From: Jack Bates <jbates () brightok net>
Date: Fri, 29 Aug 2003 16:07:20 -0500


JC Dill wrote:

Either the webmail solution meets your needs, or you need to obtain service from a company that offers a solution that meets your needs. Why is this so hard to understand?


Or people implement a protocol that doesn't break existing uses of the system (let's not forget the issues with many mailing-lists and .forward files).

Personally, I like the idea of verifying that an IP address that is sending mail is allowed to send mail according to domain X, which is either verified by the mail from rhs or by the (he|eh)lo parameter. One or the other should be able to be verified; mail from rhs when at the home network and (he|eh)lo parameter at remote sites. Checking the MX records for each would make a good portion of the current mail servers compliant (except those with separate outbound/inbound servers) and having a different tag (txt, new DNS record, special dns tag like outmail.fqdn) would allow outbound only servers to quickly meet compliance.

It's quicker and more simplistic than any proposal I've read. It doesn't break anonymous forwarding or sending mail through other providers' smtp servers. What it does do is verify that someone is responsible for that mail connection and that someone is domain X without argument.

I don't care if envelopes appear to be forged. It's done regularly in production. What I do care about is being able to say that someone is responsible for the email. If domain X said that a server can send mail outbound and it's not the mail I wanted, holder of domain X is liable and lawyers can do the dirty work they are paid for. Or at a minimum, I can block domain X and not feel bad about it.


-Jack
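
The check proposed in the message above, sketched as an added example that is not part of the original post: a connecting IP is accepted if the MAIL FROM right-hand side or the HELO/EHLO name vouches for it through its MX hosts or an outbound tag. The zone data is constructed, and modelling the "outmail.fqdn" tag as A records at outmail.<domain> is an assumption, as are the function names.

```python
import ipaddress

# Constructed sample records, (name, type) -> values; not real DNS data.
ZONE = {
    ("example.org", "MX"): ["mx1.example.org"],
    ("mx1.example.org", "A"): ["192.0.2.10"],
    # Assumption: the outbound-only tag is an A record set at outmail.<domain>.
    ("outmail.example.org", "A"): ["192.0.2.25"],
    ("relay.example.net", "MX"): ["relay.example.net"],
    ("relay.example.net", "A"): ["198.51.100.7"],
}

def lookup(zone, name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return zone.get((name.lower().rstrip("."), rtype), [])

def authorized_ips(zone, domain):
    """IPs that `domain` vouches for: its MX hosts plus outmail.<domain>."""
    ips = set()
    for mx in lookup(zone, domain, "MX"):
        ips.update(lookup(zone, mx, "A"))
    ips.update(lookup(zone, "outmail." + domain, "A"))
    return {ipaddress.ip_address(ip) for ip in ips}

def responsible_domain(zone, client_ip, mail_from, helo):
    """Return the domain that vouches for client_ip, or None.

    Tries the MAIL FROM right-hand side first, then the HELO/EHLO name:
    one or the other has to verify. A null sender ("") has no rhs, so
    only the HELO name can vouch for it.
    """
    ip = ipaddress.ip_address(client_ip)
    rhs = mail_from.rpartition("@")[2] if "@" in mail_from else ""
    for domain in (rhs, helo):
        domain = domain.lower().rstrip(".")
        if domain and ip in authorized_ips(zone, domain):
            return domain
    return None
```

A return value of None means no domain has taken responsibility for the connection; any other value names the domain that can be held accountable or blocked.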

