To: dnsop@cafax.se
From: Dean Anderson <dean@av8.com>
Date: Wed, 2 Apr 2003 11:11:40 -0500 (EST)
Sender: owner-dnsop@cafax.se
Subject: A historical perspective on draft-ietf-dnsop-inaddr-required-04.txt

Here is a message from Rob Austein to the TCP-IP mailing list from 1986, which puts a historical perspective on things. Rob is responding to a message from gds@spam.istc.sri.com. Given this was in 1986, the spam.istc.sri.com hostname was well ahead of its time.

Rob knew then that "the silly net" wouldn't have reverse working all the time, but thought this was broken. Apparently, he was under the impression then that reverse was not optional, but could be "broken". More significantly (in retrospect), Rob advocates that one shouldn't put numeric addresses in Received headers.

Of course, Rob wasn't the only person with this viewpoint. It is unfair to place this solely on Rob's shoulders. Although not clear from this message, he is accompanied in this viewpoint by many then, and who still share this view today.

To the later chagrin of so many people, Rob's viewpoint was implemented in Sendmail. It is unfortunate because we later learned by hard experience that if one used a machine without Reverse, or if reverse were configured to return misleading results, then one could send completely anonymous and untraceable email through a mail relay. It had nothing to do with the openness of the relay, though that was the early "fix". Of course, even "closed" relays could be abused, and it would be impossible to identify the user of the relay.

The anonymous spam relay exploit was the result of misplaced trust placed in reverse, and the fact that an IP address wasn't put in the Received: header. It had nothing to do with the openness of the relay. Some say this ability to anonymously abuse relays caused spam.

Eventually, this behavior was changed in Sendmail and other MTAs in the early '90s. Since then, it has been impossible to send anonymous email through an open or closed relay. This fact has not stopped people from promoting myths about open relays, however.

It is really historically interesting that 17 years later, after so many obvious faults, failures, exploits, and even spam caused by misplaced trust in reverse DNS, that the same people are still promoting the same ideas. It is a historical irony that some of the most vocal and ardent proponents of Reverse DNS want to use it to prevent spam.

--Dean

Message from Rob Austein (SRA@XX.LCS.MIT.EDU)
Wed, 1 Oct 1986 16:00 EDT
==============

    Date: Tuesday, 30 September 1986 13:29-EDT
    From: The lost Bostonian <gds@spam.istc.sri.com>
    To:   header-people@mc.lcs.mit.edu, tcp-ip@sri-nic.arpa

    If it is true that all IP implementations enable a server program to determine the IP address of its peer, then the HELO command, and its response could be eliminated, which would save us a few bytes.

You are assuming that it is always possible to translate addresses to names and vice versa. Unfortunately, there are some people out in the world running domain nameservers who are totally clueless about what they are doing, and there are others who have the misfortune to be stuck behind a losing gateway or otherwise be unreachable much of the time. Do you really want to make it impossible to receive mail from some host because a third party is broken? Or have to put numeric addresses into the Received headers?

The answer is to fix the silly net, not throw away features to save two IP packets.

--Rob
====================
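
The logging difference the message describes, as an added example that is not part of the original post and is not taken from Sendmail or any other MTA. The DNS tables, the relay name `relay.example.net`, the function names and the header layout are all assumptions constructed for illustration.

```python
# Constructed DNS data using documentation address ranges; a real MTA
# would query a resolver instead of these tables.
PTR = {
    "192.0.2.10": "mail.example.org",   # honest reverse record
    "203.0.113.7": "mail.example.org",  # misleading PTR chosen by the address owner
}                                        # 198.51.100.5 has no PTR record at all
A = {"mail.example.org": {"192.0.2.10"}}

RELAY = "relay.example.net"  # hypothetical relay writing the header


def received_name_only(peer_ip, helo):
    """Name-only logging: use the PTR name, else the HELO name, never the address."""
    name = PTR.get(peer_ip, helo)
    return f"Received: from {name} by {RELAY}"


def fcrdns(peer_ip):
    """Return the PTR name only if it resolves forward to the same address."""
    name = PTR.get(peer_ip)
    if name and peer_ip in A.get(name, set()):
        return name
    return None


def received_with_address(peer_ip, helo):
    """Address logging: the peer address from the TCP connection is always recorded."""
    name = fcrdns(peer_ip)
    origin = f"{name} [{peer_ip}]" if name else f"[{peer_ip}]"
    return f"Received: from {helo} ({origin}) by {RELAY}"


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("203.0.113.7", "mail.example.org"),
                     ("198.51.100.5", "pc.invalid")]:
        print(received_name_only(ip, helo))
        print(received_with_address(ip, helo))
```

With name-only logging, the second and third peers leave a header that contains nothing the relay operator can trace; with address logging, the connection's source address survives whatever the reverse zone or the HELO claims.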