North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: fixing insecure email infrastructure (was: Re: [eweek article]
On Fri, Jan 14, 2005 at 10:05:05AM +1100, Mark Andrews wrote: > >What is wrong with MTAMARK? > As currently described it doesn't fit well with RFC 2317 > style delegations. They would need to be converted to use > DNAME instead of CNAME which requires all the delegating > servers to be upgraded to support DNAME. How many legit mailservers get their revDNS from RFC 2317 style delegations? Marking hosts "MTA=no" is an addon for an explicit block. I'd assume most ISPs cannot simply mark their revDNS with "MTA=no" without changing contracts, but even adding "MTA=yes" would be of a lot of help. And it is really easy and doesn't have any negative side effects ;-) \Maex -- SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299 "The security, stability and reliability of a computer system is reciprocally proportional to the amount of vacuity between the ears of the admin"
|