[105676] in North American Network Operators' Group
Re: ICANN opens up Pandora's Box of new TLDs
daemon@ATHENA.MIT.EDU (Rich Kulawiec)
Sat Jun 28 17:35:20 2008
Date: Sat, 28 Jun 2008 17:34:33 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: nanog@nanog.org
In-Reply-To: <63ac96a50806281312i334c2067sce6872e324cbe5d1@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
On Sat, Jun 28, 2008 at 01:12:39PM -0700, Matthew Petach wrote:
> Those two statements of yours directly contraindicate each other.

No, they don't. Outbound relays (which are presumably used by client
systems presenting appropriate authentication) know the identity of
the user presenting credentials. They can thus return a NDN (or similar)
to that user, i.e., there's no concern about outscatter. But worth
noting is that this works *because* the mail is being submitted with
user authentication -- it won't work for a relay that doesn't do that.

That's a very different situation from the case where the same outbound relay
is talking to a random mail server elsewhere on the 'net. Attempts by
such random mail servers to "return" bounces to their origin (from whence
they never came) are outscatter, which is why rejects are much preferred.

(Yes, I'm aware of various mail authentication proposals. Whatever they
are/aren't, they're not the right solution to this specific problem:
the solution is to always reject, never bounce.)

---Rsk
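
The distinction drawn in the message above, as an added example that is not part of the original post: a small Python model of a mail server that refuses undeliverable recipients during the SMTP transaction and sends a non-delivery notice only to an authenticated submitter. The domain, mailboxes, accounts and the names `Session`, `rcpt_to` and `ndn_target` are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: local domain, its mailboxes, and SMTP AUTH accounts.
LOCAL_DOMAIN = "example.org"
MAILBOXES = {"alice@example.org", "bob@example.org"}
ACCOUNTS = {"bob": "bob@example.org"}  # authenticated identity -> own mailbox


@dataclass
class Session:
    mail_from: str                   # envelope sender: an unverified claim
    auth_user: Optional[str] = None  # set only after successful SMTP AUTH


def rcpt_to(s: Session, rcpt: str) -> str:
    """Decide during the SMTP transaction, while the peer is still connected."""
    rcpt = rcpt.lower()
    if rcpt.endswith("@" + LOCAL_DOMAIN):
        # Verifiable right now: refuse unknown users instead of accepting the
        # message and bouncing it later.
        return "250 2.1.5 Ok" if rcpt in MAILBOXES else "550 5.1.1 User unknown"
    if s.auth_user in ACCOUNTS:
        return "250 2.1.5 Ok"        # authenticated submission may relay out
    return "550 5.7.1 Relay access denied"


def ndn_target(s: Session) -> Optional[str]:
    """Who receives a non-delivery notice if an accepted message later fails."""
    # Only the authenticated account's own mailbox. Never s.mail_from: a
    # stranger can forge it, and a notice sent there is outscatter landing on
    # a third party who never sent the message.
    return ACCOUNTS.get(s.auth_user) if s.auth_user else None
```

With a forged envelope sender and no authentication, the unknown recipient gets a 550 at RCPT time and the server generates no message of its own; the connecting peer is left holding the failure.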