[77538] in North American Network Operators' Group


Re: fixing insecure email infrastructure (was: Re: [eweek article]

daemon@ATHENA.MIT.EDU (Markus Stumpf)
Mon Jan 24 14:55:16 2005

Date: Mon, 24 Jan 2005 20:54:48 +0100
From: Markus Stumpf <maex-lists-nanog@Space.Net>
To: Mark Andrews <Mark_Andrews@isc.org>
Cc: nanog@merit.edu
In-Reply-To: <200501132305.j0DN55AD078291@drugs.dv.isc.org>
Errors-To: owner-nanog-outgoing@merit.edu


On Fri, Jan 14, 2005 at 10:05:05AM +1100, Mark Andrews wrote:
> >What is wrong with MTAMARK?
> 	As currently described it doesn't fit well with RFC 2317
> 	style delegations.  They would need to be converted to use
> 	DNAME instead of CNAME which requires all the delegating
> 	servers to be upgraded to support DNAME.

How many legit mailservers get their revDNS from RFC 2317 style
delegations? Marking hosts "MTA=no" is an addon for an explicit block.

I'd assume most ISPs cannot simply mark their revDNS with "MTA=no"
without changing contracts, but even adding "MTA=yes" would be of
a lot of help.

And it is really easy and doesn't have any negative side effects ;-)

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
