in reply to (OT) Fighting spam

The idea is brilliantly simple: the RMX DNS RR lists legit senders' IPs for mail being sent from this domain. When a mail server receives a connection, it compares the originating IP with the list given by the RMX RR for the MAIL FROM domain of delivered mail. Mail that fails this check is discarded as illegitimate.

I like the idea. But the paranoid side in me wonders whether this is a good thing in the long run, as it will turn the attention of professional spammers towards DNS. DNS, as it currently stands, is relatively easy to fake in any upstream server. Heck, I've seen it faked inside a LAN (just a matter of getting your answer on the wire before the "real" nameserver replies). And with the right TTLs, the wrong information is going to stay there for a long time.

Before anything like this is tried to fight spam, I think it would be more important to get secure DNS accepted worldwide. That at least should make it a lot harder for spammers to start messing with DNS to get their spam sent through if the RMX DNS RR scheme were to gain wider acceptance.

Liz
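
The check and the caching concern described in the post above, as an added illustration that is not part of the original post or of any RMX implementation. It assumes RMX answers can be modelled as plain CIDR lists and that a `signed` flag stands in for the result of secure-DNS validation; `Cache`, `rmx_check` and `scenario` are hypothetical names, and all addresses are constructed.

```python
import ipaddress

# Constructed zone data standing in for RMX answers: domain -> (sender networks, TTL seconds).
ZONE = {"example.org": (["192.0.2.0/28"], 3600)}

class Cache:
    """Toy resolver cache; require_signed models a validating (secure DNS) resolver."""
    def __init__(self, zone, require_signed=False):
        self.zone, self.require_signed, self.entries = zone, require_signed, {}

    def receive(self, domain, networks, ttl, now, signed):
        """Store an answer seen on the wire; a validating cache drops unsigned ones."""
        if self.require_signed and not signed:
            return False
        self.entries[domain] = (networks, now + ttl)
        return True

    def lookup(self, domain, now):
        hit = self.entries.get(domain)
        if hit and hit[1] > now:          # still within TTL: serve the cached answer
            return hit[0]
        if domain not in self.zone:
            return None
        networks, ttl = self.zone[domain]
        self.receive(domain, networks, ttl, now, signed=True)
        return networks

def rmx_check(cache, mail_from, client_ip, now):
    """Return 'pass', 'fail' or 'no-policy' for the connecting IP and MAIL FROM domain."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    networks = cache.lookup(domain, now)
    if networks is None:
        return "no-policy"
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(n) for n in networks) else "fail"

def scenario(require_signed):
    """Verdicts for an unlisted IP: clean cache, forged answer cached, after its TTL."""
    outsider, sender = "203.0.113.7", "alice@example.org"
    before = rmx_check(Cache(ZONE, require_signed), sender, outsider, now=0)
    cache = Cache(ZONE, require_signed)
    # An unsigned answer with a one-day TTL arrives before the real nameserver's reply.
    cache.receive("example.org", ["203.0.113.0/24"], ttl=86400, now=10, signed=False)
    during = rmx_check(cache, sender, outsider, now=20)
    after = rmx_check(cache, sender, outsider, now=10 + 86400 + 1)
    return before, during, after

if __name__ == "__main__":
    print("plain DNS :", scenario(False))
    print("validating:", scenario(True))
```

With the non-validating cache the unlisted address passes for the whole TTL of the forged answer; with validation the verdict stays `fail` throughout.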