To:
dnsop@cafax.se
From:
Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>
Date:
Thu, 3 Apr 2003 15:21:54 +0200
Content-Disposition:
inline
Sender:
owner-dnsop@cafax.se
User-Agent:
Mutt/1.2.5.1i
Subject:
RR DNS and spam
Over in the IRTF ASRG group I made a proposal to get rid of all the spam that comes via abused (proxies etc.) workstations. My idea was to "mark" hosts in RR DNS zones als being a mailserver by (e.g.) adding a TXT record like 8.0.30.195.in-addr.arpa IN PTR mail.space.net. IN TXT "mailto:abuse@space.net" That way the maintainers of the RR zone could authorize IPs to be valid mailservers and receiving mailservers would only accept mails from sending IPs that have the RR TXT record. It would be easily implemented, existing DNSBL code could be used by using "in-addr.arpa" as a base and inverting the meaning of "there is a TXT record". A non existant TXT record in RR DNS could be "overridden" by - a proper authentification (e.g. SMTP AUTH) so roaming users would bot be locked out. - local configuration that lets smarthosts accept emails from "well known" hosts without making that hosts sending mailservers to the public. The TXT record could carry a contact address (mailto, http) for abuse. And now my question to this audience :-) With all the recent discussions about the in-addr.arpa zone and reverse IPv6 resolution, would such a proposal be accepted by the DNS operators? Would they be willing to "change mind" and take more care of reverse zones? \Maex -- SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299 "The security, stability and reliability of a computer system is reciprocally proportional to the amount of vacuity between the ears of the admin" #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.