

To: dnsop@cafax.se
From: Dean Anderson <dean@av8.com>
Date: Wed, 2 Apr 2003 11:11:40 -0500 (EST)
Sender: owner-dnsop@cafax.se
Subject: A historical perspective on draft-ietf-dnsop-inaddr-required-04.txt


Here is a message from Rob Austein to the TCP-IP mailing list from 1986,
which puts a historical perspective on things.  Rob is responding to a
message from gds@spam.istc.sri.com. Given this was in 1986, the
spam.istc.sri.com hostname was well ahead of its time.

Rob knew then that "the silly net" wouldn't have reverse working all the
time, but thought this was broken. Apparently, he was under the impression
then that reverse was not optional, but could be "broken".

More significantly (in retrospect), Rob advocates that one shouldn't put
numeric addresses in Received headers.  Of course, Rob wasn't the only
person with this viewpoint. It is unfair to place this solely on Rob's
shoulders. Although not clear from this message, he was accompanied in this
viewpoint by many at the time, and many still share this view today.

To the later chagrin of so many people, Rob's viewpoint was implemented in
Sendmail.  It is unfortunate because we later learned by hard experience
that if one used a machine without Reverse, or if reverse were configured
to return misleading results, then one could send completely anonymous and
untraceable email through a mail relay. It had nothing to do with the
openness of the relay, though that was the early "fix".  Of course, even
"closed" relays could be abused, and it would be impossible to identify
the user of the relay.  The anonymous spam relay exploit was the result of
misplaced trust placed in reverse, and the fact that an IP address wasn't
put in the Received: header. It had nothing to do with the openness of the
relay.  Some say this ability to anonymously abuse relays caused spam.
Eventually, this behavior was changed in Sendmail and other MTAs in the
early '90s.  Since then, it has been impossible to send anonymous email
through an open or closed relay. This fact has not stopped people from
promoting myths about open relays, however.

It is really historically interesting that 17 years later, after so many
obvious faults, failures, exploits, and even spam caused by misplaced
trust in reverse DNS, the same people are still promoting the same
ideas.  It is a historical irony that some of the most vocal and ardent
proponents of Reverse DNS want to use it to prevent spam.

		--Dean


Message from Rob Austein (SRA@XX.LCS.MIT.EDU)
Wed, 1 Oct 1986 16:00 EDT
==============

    Date: Tuesday, 30 September 1986 13:29-EDT
    From: The lost Bostonian <gds@spam.istc.sri.com>
    To: header-people@mc.lcs.mit.edu, tcp-ip@sri-nic.arpa


    If it is true that all IP implementations enable a server program to
    determine the IP address of its peer, then the HELO command, and its
    response could be eliminated, which would save us a few bytes.


You are assuming that it is always possible to translate addresses to
names and vice versa. Unfortunately, there are some people out in the
world running domain nameservers who are totally clueless about what
they are doing, and there are others who have the misfortune to be
stuck behind a losing gateway or otherwise be unreachable much of the
time. Do you really want to make it impossible to receive mail from
some host because a third party is broken? Or have to put numeric
addresses into the Received headers?


The answer is to fix the silly net, not throw away features to save
two IP packets.


--Rob

====================
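The point Dean makes about Received: headers, shown as an added example (this is not code from the post, from Sendmail, or from any MTA): a PTR name, like a HELO string, is a claim the sender's side controls, while the literal address taken from the TCP connection is not, so a trace that records the literal stays usable when reverse is missing or returns something misleading. The DNS tables, host names, addresses and the "may be forged" annotation are all constructed for this example; the forward-confirmed check (accept a PTR name only if it resolves back to the address) is the usual practice and goes one step beyond what the message discusses.

```python
"""Added example: record the peer's numeric address in a Received: header
instead of trusting reverse DNS. Not code from the mailing-list post or from
Sendmail; the DNS tables below are constructed so the example runs offline."""
import ipaddress
import re

# Constructed stand-in for DNS. PTR_TABLE is what the reverse zone claims for an
# address; A_TABLE is what the forward zone publishes for a name. Addresses and
# names are hypothetical (RFC 5737 / RFC 2606 example ranges).
PTR_TABLE = {
    "192.0.2.10": "mail.example.net",    # honest PTR: forward-confirms
    "192.0.2.20": "relay.example.org",   # misleading PTR: forward zone disagrees
    # "192.0.2.30" deliberately has no PTR at all
}
A_TABLE = {
    "mail.example.net": {"192.0.2.10"},
    "relay.example.org": {"203.0.113.5"},
}


def reverse_lookup(ip):
    """What a bare PTR query would return (None when the reverse zone has nothing)."""
    return PTR_TABLE.get(ip)


def forward_confirmed(ip):
    """Forward-confirmed reverse DNS: accept the PTR name only if it resolves back to ip."""
    name = reverse_lookup(ip)
    if name is None or ip not in A_TABLE.get(name, set()):
        return None
    return name


def received_header(helo, peer_ip, my_host, queue_id, date):
    """Build a Received: line in the RFC 5321 'from helo (name [ip])' style.

    The HELO string and the PTR name are recorded as claims; the bracketed
    literal comes from the TCP peer address and is the one field the sender
    cannot choose.
    """
    ipaddress.ip_address(peer_ip)  # reject anything that is not a real address literal
    name = forward_confirmed(peer_ip)
    if name is None:
        claimed = reverse_lookup(peer_ip)
        # Keep an unconfirmed claim visible but marked; never drop the literal.
        name = "unknown" if claimed is None else f"{claimed} may be forged"
    return (f"Received: from {helo} ({name} [{peer_ip}])\n"
            f"\tby {my_host} with ESMTP id {queue_id}; {date}")


LITERAL_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def origin_address(received_lines):
    """Given a message's Received: lines in header order (newest hop first),
    return the literal address from the oldest hop, i.e. the host that injected
    the message into the relay chain. None if that hop carries no literal."""
    if not received_lines:
        return None
    match = LITERAL_RE.search(received_lines[-1])
    return match.group(1) if match else None


if __name__ == "__main__":
    # Constructed timestamp; every peer claims the same HELO to show it proves nothing.
    when = "Wed, 2 Apr 2003 11:11:40 -0500"
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(received_header("mail.example.net", ip, "mx.example.com", "h32GBe01234", when))
        print()
```

Run as a script it prints three headers: the honest host shows its confirmed name, the host with a misleading PTR shows the claim marked as unconfirmed, and the host with no PTR shows "unknown"; all three still carry the literal address, which is what an abuse investigation actually needs.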


