Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: fixing insecure email infrastructure (was: Re: [eweek article]

  • From: Markus Stumpf
  • Date: Mon Jan 24 14:55:58 2005
  • Comment: DomainKeys? See
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=testkey;; b=nKePWCuM5l81aLG4r1wd5IOBEsGr1qujcUUJL4djvh7DhOOJ0Lnlc25g7sXg1XVQ ;

On Fri, Jan 14, 2005 at 10:05:05AM +1100, Mark Andrews wrote:
> >What is wrong with MTAMARK?
> 	As currently described it doesn't fit well with RFC 2317
> 	style delegations.  They would need to be converted to use
> 	DNAME instead of CNAME which requires all the delegating
> 	servers to be upgraded to support DNAME.

How many legit mailservers get their revDNS from RFC 2317 style
delegations? Marking hosts "MTA=no" is an addon for an explicit block.

I'd assume most ISPs cannot simply mark their revDNS with "MTA=no"
without changing contracts, but even adding "MTA=yes" would be of
a lot of help.

And it is really easy and doesn't have any negative side effects ;-)


SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.