Re: [dns-wg] DNS RMX records - e-mail sender authorization

  • To: Brad Knowles < >
  • From:
  • Date: Thu, 16 Oct 2003 15:07:37 +0200
  • Cc: Stephane Bortzmeyer < >

On Thu, Oct 16, 2003 at 01:07:56PM +0200, Brad Knowles wrote:
> At 9:27 AM +0200 2003/10/16, hadmut@localhost wrote:
> 
> > - So why is Stephane complaining that these proposals would break his
> >   ability to use "From: bortzmeyer@localhost" ? In fact, none of the
> >   proposals would stop him from doing so, but since he complained
> >   about this emotionally, I tried to pick up his argument the same
> >   way. People should read and understand a draft before attacking it.
> 
> 	I have read the various drafts, and I understand how they work. 
> They all rely on someone designating a set of servers that are 
> allowed to send e-mail from a particular domain or set of domains.

Again, Stephane complained that the proposals would stop him from
using "From: bortzmeyer@localhost" and you explicitly agreed, while at
the same time you confirmed that all those proposals do not have
anything to do with the header From: line.

I still do not understand your opinion and your argument.
If the proposals have nothing to do with the header From line
(in fact, they don't), why are you and Stephane complaining?

> Regardless of the implementation mechanism, that act alone breaks 
> .forward, alias-based mailing lists, legitimate third-party relay 
> when you are travelling, etc....

No. If it doesn't touch the header From line, it doesn't break
anything with that. Most mailing lists, all modern mailing list
processors I've checked, most forwarding services correctly insert 
a new sender envelope address and will work with RMX just perfectly.

> 	Right, and nothing you do with an RMX-like proposal is going to 
> make any difference here.  The problem is that it doesn't help you 
> until everyone (or most everyone) already does it, and until then it 
> can only hurt.

Wrong. If just Hotmail, AOL and Yahoo would provide RMX records and
I'd query them, then I already would get rid of a significant amount
of spam. And that's only a four party game.

And even if I were the only person providing RMX records, it
would already help get rid of wrong delivery failure messages.

> 	With DNS cache poisoning, all that goes out the window.  With 
> over 50% of the ccTLD authoritative nameservers being open public 
> caching/recursive nameservers, just how clueful do you honestly think 
> people are going to be?  And this is just one of many weaknesses.

DNS cache poisoning is possible, but is found rarely. While I see
tens of thousands of Spam per day, I didn't find any case of cache
poisoning within the last two years. Do you really believe Spammers
would be able to poison the DNS caches of a million receivers?

That's not an acceptable argument.

> 	If you want to do authentication, you need those cryptographic 
> methods.  Nothing short of that is going to help.

Wrong. Nonsense. There's organizational security, e.g. topological 
authentication, as done by e.g. firewalls. You should be better
informed before propagating such claims.

> 	He may not own that domain, but he almost certainly owns that 
> address.

And how should anyone else check this?

> And he's already got his MUA configured to use the 
> appropriate outbound mail server, including all cryptographic 
> authentication methods required to make the transmission of mail a 
> smooth and invisible process.

So tell me how my receiving MTA can check this. What cryptographic
authentication is he using that could be automatically checked 
by my machine?

How do you want to deploy such a mechanism to countries where
cryptography is not allowed? Do you believe that a billion
internet users will keep the secret keys on their Windows machines
secret? That's absurd.

> 	You're not going to invent anything useful using fundamentally 
> flawed ideas using systemically dain-bramaged DNS infrastructure 
> around the world.

Being insulting is not an argument.

> If you think SMTP security is bad, you haven't 
> begun to look at DNS security.

DNS security is still much better than SMTP security, because there
is no SMTP security. Spammers using wrong sender addresses do not have
to break any security mechanism by now. Breaking DNS is still not 
trivial, especially not for mass mailings.

> 	That's assuming that the mailbox of the sender isn't already full 
> of other bounces.  That's assuming that the virus doesn't 
> surreptitiously check the mailbox and delete all bounces, so as to 
> cover its tracks.

That's foolish. Not stopping spam and viruses because the mailbox could be
filled with other rubbish is just ridiculous. And btw my relay has
never been infected by a virus.

Your argumentation is so far-fetched and far from reality that it
doesn't convince in any way.

> 	Something must be done.  This is something.  Therefore, this must be 
> 	done.
> 
> 	Riiiiiiiiiiiiiiiiiight.  We've heard this before.
> 

That's the universal kiddy-argument against everything. Following you
would mean leaving it just as it is. The current spam traffic might
be suitable to your personal needs, but it isn't to others.

> 	As the former Sr. Internet Mail Administrator for AOL, I've 
> probably been responsible for stopping more spam than you will ever 
> see in your life.

Aha. AOL has also transported more spam than I will ever see
in my life. So what?

And what does this mean? That every anti-spam solution requires your
personal approval?

> As one of the authors of some of the earliest 
> anti-spam rulesets that were contributed back to the community, I am 
> probably indirectly responsible for having stopped many, many orders 
> of magnitude more spam than you can ever possibly see in your entire 
> life.

Aha. And what does this mean? Do you want to tell me that you have the
permission to spam-fight and I don't?

> 	We're all suffering.  What we shouldn't do is wave large 
> quantities of weapons of mass destruction around in a crazed attempt 
> to kill all the bugs -- doing so can only lead to our own 
> destruction, and minor annoyance for the bugs.

So what are you proposing? Leave it as it is? If you have any
better and feasible idea, don't hesitate to tell it. The world will be
happy to get it.

I see that you don't like RMX. But I don't see what you want to have.
A different mechanism? No spam protection at all? What do you want?

Hadmut
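The argument above turns on three properties of an RMX-style check: it consults only the envelope sender (MAIL FROM), never the header From: line; a forwarder or list processor that rewrites the envelope sender keeps working; and a domain that publishes nothing is simply unaffected. The following simulation, added here as an illustration and not taken from the posting or from the RMX draft, models those three cases; the record syntax (a plain mapping from domain to permitted sender networks) and all addresses are constructed assumptions, not the draft's actual DNS record format.

```python
"""Simulation of an RMX-style envelope-sender check (added example).

The record format below is an assumption for illustration; the real RMX
draft defines its own DNS record type and syntax.
"""
import ipaddress

# Constructed stand-in for DNS: networks permitted to emit mail whose
# envelope-sender (MAIL FROM) domain is the key. Absent domains publish nothing.
RMX_RECORDS = {
    "bigmail.example": ["192.0.2.0/24", "198.51.100.0/24"],
    "forwarder.example": ["203.0.113.5/32"],
}

def rmx_check(envelope_sender: str, client_ip: str) -> str:
    """Return 'pass', 'fail' or 'none' for one SMTP transaction.

    Only the envelope sender is consulted; the message's header From: line
    is never looked at, so a user may keep any From: they like.
    """
    domain = envelope_sender.rsplit("@", 1)[-1].lower()
    nets = RMX_RECORDS.get(domain)
    if nets is None:
        return "none"  # domain publishes no record: the check has no effect
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n) for n in nets):
        return "pass"
    return "fail"

def forward(envelope_sender: str, forwarder_domain: str) -> str:
    """Model a .forward or list processor that inserts a new envelope sender
    in its own domain, so the next hop's check applies to the forwarder."""
    local = envelope_sender.split("@", 1)[0]
    return f"{local}+fwd@{forwarder_domain}"

if __name__ == "__main__":
    # Forged envelope of a publishing domain, sent from an unlisted host.
    print(rmx_check("alice@bigmail.example", "10.0.0.7"))      # fail
    # Legitimate submission through the provider's own relay.
    print(rmx_check("alice@bigmail.example", "192.0.2.10"))    # pass
    # Forwarded mail: envelope rewritten, so it is checked against the forwarder.
    rewritten = forward("alice@bigmail.example", "forwarder.example")
    print(rmx_check(rewritten, "203.0.113.5"))                 # pass
    # Domain that has not published anything: check is neutral.
    print(rmx_check("bob@nothing.example", "10.0.0.7"))        # none
```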