[Asrg] RMX evaluation (was RE: Is there anything good enough? - Spoofingstats)

[Paul Judge <paul.judge@ciphertrust.com>]

This is a clear list of arguments against RMX. To move this conversation
forward in a meaningful way, let's do a few things:

Vernon, can you post Vixie's suggestions that you referring to so that
everyone is aware of them. Can you also explain in more detail the
difference between those and RMX to show why you say that it is simpler.

Hadmut and/or Mike, please read the other links that Vernon provided "
http://www.google.com/search?q=match+sender+domain+hotmail and
http://www.monkeys.com/anti-spam/filtering/additions.html";  and provide a
comparison between those and RMX?

Paul
 
> No, I don't approve of RMX.  I believe
>   - it is redundant and unnecessary because existing 
> mechanisms achieve
>      can stop mail from free providers that does not come from each
>      provider's MTAs.
>   - there are simpler, already largely deployed ways to do exactly
>      what RMX does without a new RR, including Paul Vixie's 
> suggestions. 
>   - the new RMX RR will never be seriously considered in the DNS WG.
>   - if by some fluke that happens it will never pass Last 
> Call in a DNS WRK.
>   - if everyone is asleep there, it won't pass IESG review or 
> main list
>      Last Call.
>   - if it does get standardized, it will not be widely 
> implemented in MTAs.
>   - it will not be installed by the organizations you need to install
>      it, including Hotmail, AOL, and Microsoft, because they will not
>      change their business models.
> 
> I'm beginning to get the impression that RMX proponents are 
> egregiously unaware of how SMTP works and is commonly used.  
> Contrary to statements from RMX propoents, current standards 
> and practices support rejecting mail from a free provider 
> that does not come from the free provider's MTAs.  Many MTAs 
> have been doing exactly that for years.  For example, see the 
> pages found by 
> http://www.google.com/search?q=match+sender+domain+hotmail 
> including http://www.monkeys.com/anti-spam/filtering/additions.html
> 
> 
> > You're expending an awful lot of energy trying to break down the 
> > process but
> > you are an advocate of something much more anti-standards 
> and intrusive.  
> 
> Using existing standards is less "anti-standards" and less 
> intrusive than demanding other people do things including 
> change their business models and demanding changes to 
> standards such as DNS.  The current standards and practices 
> already support rejecting free provider mail that does not 
> come from the free provider's MTAs.  (I'm repeating myself 
> because repetitions in previous messages were apparently unclear.)
> 
> I think resisting standards changes that are based on willful 
> ignorance of existing standards and current practices is 
> required to keep the IETF process from breaking down completely.
> 
> 
> > Instead of blocking the spammers from using those domains you block 
> > everyone.
> 
> As I've said many times over the years including this list, I 
> think free providers are parasites on the Internet because of 
> how they handle network abuse.  I do not expect you or other 
> ASRG contributors to share this extreme view and I certainly 
> do not expec the free providers to change.  I do not block 
> all users using those domains, but only almost all.  My free 
> provider blacklist has a handful of whitelist holes.
> 
> 
> > >...I think demanding that free providers
> > >change to fit my model of how they should run their businesses to 
> > >suit my convenience would be wrong.
> >
> > Then why are you doing it?  Why are you saying "you can't have free 
> > e-mail or
> > I won't accept your messages"?  You are absolutely telling 
> them how to run 
> > their business if they want to send you mail.
> 
> Yes, but only if they want to send me mail.  Contrary to you 
> model, they are free to send each other mail that complies 
> with their providers' terms and conditions.  I think that 
> even spam is just fine, provided it stays on the spam 
> friendly side of the net and away from me.
> 
> 
> > >with postfix (which you seem to use).
> > I only use pieces of it.  I'm working on an SMTP proxy with 
> > finer-grained
> > scriptable rules and logging to a database.
> 
> So why haven't you long since implemented the standard checks 
> to prevent what you call "spoofed" free provider mail?
> 
> 
> Vernon Schryver    vjs@rhyolite.com
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
> 
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg