nanog mailing list archives

Re: fixing insecure email infrastructure (was: Re: [eweek article]

From: Markus Stumpf <maex-lists-nanog () Space Net>
Date: Mon, 24 Jan 2005 20:54:48 +0100


On Fri, Jan 14, 2005 at 10:05:05AM +1100, Mark Andrews wrote:

What is wrong with MTAMARK?

      As currently described it doesn't fit well with RFC 2317
      style delegations.  They would need to be converted to use
      DNAME instead of CNAME which requires all the delegating
      servers to be upgraded to support DNAME.


How many legit mailservers get their revDNS from RFC 2317 style
delegations? Marking hosts "MTA=no" is an addon for an explicit block.

I'd assume most ISPs cannot simply mark their revDNS with "MTA=no"
without changing contracts, but even adding "MTA=yes" would be of
a lot of help.

And it is really easy and doesn't have any negative side effects ;-)

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

Current thread:

Re: marking dynamic ranges, was fixing insecure email infrastructure, (continued)
- - - Re: marking dynamic ranges, was fixing insecure email infrastructure Valdis . Kletnieks (Jan 25)
    - Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 25)
    - Re: marking dynamic ranges, was fixing insecure email infrastructure Suresh Ramasubramanian (Jan 25)
    - Message not available
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Mark Andrews (Jan 13)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Owen DeLong (Jan 13)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] william(at)elan.net (Jan 13)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Suresh Ramasubramanian (Jan 13)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Todd Vierling (Jan 14)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Mark Andrews (Jan 14)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Paul Vixie (Jan 14)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Markus Stumpf (Jan 24)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Mark Andrews (Jan 24)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Markus Stumpf (Jan 25)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Mark Andrews (Jan 25)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Markus Stumpf (Jan 25)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Mark Andrews (Jan 25)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Markus Stumpf (Jan 25)
    - RE: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Joseph Johnson (Jan 13)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) william(at)elan.net (Jan 12)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Steven Champeon (Jan 13)
    - Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonym Stephane Bortzmeyer (Jan 13)

(Thread continues...)