[77096] in North American Network Operators' Group


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Wed Jan 12 23:55:46 2005

Date: Thu, 13 Jan 2005 10:25:18 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
Reply-To: Suresh Ramasubramanian <ops.lists@gmail.com>
To: "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>
Cc: Dave Crocker <dcrocker@bbiw.net>,
	Steven Champeon <schampeo@hesketh.com>, nanog@merit.edu
In-Reply-To: <200501130419.j0D4JoP8020778@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 12 Jan 2005 23:19:47 -0500, Valdis.Kletnieks@vt.edu
<Valdis.Kletnieks@vt.edu> wrote:
> On Wed, 12 Jan 2005 19:19:24 PST, Dave Crocker said:
> > In general, that's what dkeys/iim and csv (and maybe spf) are attempting to provide.
> 
> Yes, but he asked for a rDNS solution specifically...

I think Steve was referring to some things that can be implemented
right away, like "if you operate a mailserver, please make sure that
it isn't on a host that has reverse DNS like ppp-XXX.adsl.example.com,
try to give it unique and non-generic rDNS, preferably with a hostname
that starts off with smtp-out, mail, mta, etc."

Basically a call to operators to adopt a consistent forward and
reverse DNS naming pattern for their mailservers, static IP netblocks,
dynamic IP netblocks etc.

-- 
Suresh Ramasubramanian (ops.lists@gmail.com)
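
[Added example, not part of the original message: a receiving-side check of the naming convention described above. The generic-name token list, the extra "smtp"/"mx" prefixes, and the PTR/A tables (constructed sample data standing in for live DNS lookups) are assumptions.]

```python
import re

# Leading labels the message suggests for a mail host ("smtp-out, mail, mta etc");
# "smtp" and "mx" are assumed additions.
MAIL_PREFIXES = ("smtp-out", "smtp", "mail", "mta", "mx")

# Assumed heuristics for generic access-pool names like ppp-XXX.adsl.example.com.
GENERIC_TOKENS = re.compile(
    r"(^|[-.\d])(ppp|adsl|dsl|dhcp|dyn|dynamic|dialup|cable|pool)([-.\d]|$)"
)
EMBEDDED_IP = re.compile(r"\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3}")

# Constructed sample data (documentation address ranges), not real DNS answers.
PTR = {
    "192.0.2.25": "smtp-out1.example.net.",
    "198.51.100.7": "ppp-123.adsl.example.com.",
    "203.0.113.9": "mail.example.org.",
}
A = {
    "smtp-out1.example.net": ["192.0.2.25"],
    "ppp-123.adsl.example.com": ["198.51.100.7"],
    "mail.example.org": ["203.0.113.10"],  # forward record points elsewhere
}


def check_mail_host(ip, ptr=PTR, a=A):
    """Return a list of naming problems for a connecting mail host's IP."""
    name = ptr.get(ip)
    if name is None:
        return ["no PTR record"]
    name = name.rstrip(".").lower()
    problems = []
    # Consistent forward and reverse DNS: the PTR name must resolve back to the IP.
    if ip not in a.get(name, []):
        problems.append("forward and reverse DNS do not match")
    # Generic rDNS: access-pool tokens or the IP address embedded in the name.
    if GENERIC_TOKENS.search(name) or EMBEDDED_IP.search(name):
        problems.append("generic rDNS name")
    # Preferred: leftmost label starts with a mail-style prefix.
    if not name.split(".")[0].startswith(MAIL_PREFIXES):
        problems.append("hostname does not start with a mail-style label")
    return problems


if __name__ == "__main__":
    for addr in list(PTR) + ["192.0.2.99"]:
        print(addr, check_mail_host(addr) or "ok")
```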
