
Re: SMTP blocked between ISPs



The best solution, even though half-baked in the anti-spam rg, is to require:

- I get an SMTP connection from some IP address
- Before saying ok to the mail, I look up a new RR type and the domain
name of the envelope sender address
- The result should be the IP address of the peer

That binds the domain to the IP address, and the one updating that record needs access to the DNS servers for that domain.

The anti-spam-wg have some more complicated schemes which I don't trust (they have one more layer of indirection which I think opens a hole for hackers to create problems).

Yes, everyone has to implement this, but, I am happy to start using it and placing all mail from non-authorized users last in the incoming queue...

I do not understand how one can start blocking spam without "restarting".

But, mechanisms like the one above require direct connections between sending and receiving domains.

paf

On Wednesday, Aug 6, 2003, at 16:23 Europe/Stockholm, Mark Handley wrote:


What worries me is that this blocking of port 25 is going _against_ the
path which I want to see, that we have no relay in the world. Blocking
port 25 _increases_ the amount of relays.

Blocking port 25 is only part of the story.

There's also blackhole lists like the MAPS Dial-up User List:
   http://mail-abuse.org/dul/
I've hit this dialing up from a free ISP account in some random place.

Also there's the reverse-MX proposal:
  http://www.ietf.org/internet-drafts/draft-danisch-dns-rr-smtp-02.txt

All of these are pushing further into a world where you'll be required
to send through your ISP's outgoing mail server.

I suspect this progression is inevitable, unless some better
alternative anti-spam mechanism is standardized and deployed in the
near future.

Cheers,
	Mark
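
The receiver-side check described in the first message of this thread, as an added example (not code from the thread or from the draft it links to). The DNS query is replaced by a constructed in-memory table, and the record contents, function names and sample addresses are assumptions.

```python
import ipaddress

# Constructed stand-in for DNS: domain -> addresses published in the
# hypothetical new RR type. A real receiver would query DNS here.
SAMPLE_RECORDS = {"example.org": ["192.0.2.10", "2001:db8::25"]}

def sender_domain(envelope_sender):
    """Lower-cased domain of a MAIL FROM address, or None."""
    addr = envelope_sender.strip().strip("<>")
    if "@" not in addr:  # null sender "<>" (bounces) or malformed address
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower() or None

def peer_authorized(peer_ip, envelope_sender, lookup=SAMPLE_RECORDS.get):
    """True only if the sender's domain publishes the connecting peer's IP."""
    domain = sender_domain(envelope_sender)
    if domain is None:
        return False
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # Dual-stack listeners may report IPv4 peers as ::ffff:a.b.c.d
    if peer.version == 6 and peer.ipv4_mapped is not None:
        peer = peer.ipv4_mapped
    for entry in lookup(domain) or []:
        try:
            if peer == ipaddress.ip_address(entry):
                return True
        except ValueError:
            continue  # ignore malformed record data instead of trusting it
    return False

def order_queue(messages):
    """Stable sort: authorized mail first, non-authorized mail last."""
    return sorted(messages,
                  key=lambda m: not peer_authorized(m["peer"], m["mail_from"]))

# Constructed sample queue. "relayed" is genuine mail that arrived through a
# third-party forwarder, so the peer address no longer matches the record.
SAMPLE_QUEUE = [
    {"id": "forged", "peer": "203.0.113.7", "mail_from": "<alice@example.org>"},
    {"id": "direct", "peer": "192.0.2.10", "mail_from": "<alice@Example.ORG>"},
    {"id": "relayed", "peer": "198.51.100.99", "mail_from": "<alice@example.org>"},
    {"id": "v6", "peer": "2001:db8:0:0:0:0:0:25", "mail_from": "<bob@example.org>"},
]

if __name__ == "__main__":
    print([m["id"] for m in order_queue(SAMPLE_QUEUE)])
```

The "relayed" entry sorts with the forged one, which is the direct-connection requirement the message points out.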