Re: specifying which IP addresses can send mail for a domain

On Fri, Oct 10, 2003 at 03:09:54PM +1000, Russell Coker wrote:
> Joel, can you please provide information on the experimental method for 
> specifying which IP addresses may be used to send mail from a particular 
> domain?

The one I personally like best, at the moment, is Paul Vixie's proposal
(draft-vixie-repudiating-mail-from); however, as has been pointed out,
most of the active, or remotely reasonable, proposals have come under the
aegis of the IETF ASRG working group, and probably belong there. None of
them currently have (nor are they likely to have in the immediate future)
enough weight to be terribly useful; the main benefit of the ASRG process
is that we will (almost certainly) end up with one protocol blessed with
full RFC status, which is a fairly major advantage in terms of convincing
mail software writers and DNS maintainers to actually implement it in a
widespread enough fashion that it will have noticeable impact.

I favor Vixie's proposal primarily because it's simple, elegant, and it
requires neither new DNS RR types, nor excessive handling of things which
are documented as poor DNS practice, such as wildcards. Anything requiring
DNS upgrades will take at least five years, if not longer, before it is
deployed in sufficient density to be meaningful - many folks still run BIND
4 based resolvers. And the merits of avoiding the use of poor DNS practices
should be, well, obvious. Using one special hostname that is unlikely to be
used for anything else on an operational network isn't such a high price,
by comparison, and it can be implemented entirely at the application level
using well-established query pathways (even resolvers that break things
like wildcards are unlikely to break MX+priority information).

However, as I said, I'm betting that none of them will gain much steam
until the ASRG renders a decision. So we'll just have to see what comes out
of it.
