ICANN opens up Pandora's Box of new TLDs

Rich Kulawiec rsk at gsp.org
Sat Jun 28 21:34:33 UTC 2008


On Sat, Jun 28, 2008 at 01:12:39PM -0700, Matthew Petach wrote:
> Those two statements of yours directly contraindicate each other.

No, they don't.  Outbound relays (which are presumably used by client
systems presenting appropriate authentication) know the identity of the
user presenting credentials.  They can thus return an NDN (or similar)
to that user, i.e., there's no concern about outscatter.  But worth
noting is that this works *because* the mail is being submitted with
user authentication -- it won't work for a relay that doesn't do that.

That's a very different situation from the case where the same outbound relay
is talking to a random mail server elsewhere on the 'net.  Attempts by
such random mail servers to "return" bounces to their origin (from whence
they never came) are outscatter, which is why rejects are much preferred.

(Yes, I'm aware of various mail authentication proposals.  Whatever they
are/aren't, they're not the right solution to this specific problem:
the solution is to always reject, never bounce.)

---Rsk
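
The distinction drawn in the message above, as an added sketch that is not part of the original post: two failure-handling policies are run over constructed sessions, and every NDN that lands on an address which never sent the mail is counted as outscatter. The `Session` fields, the policy function names and all addresses are assumptions made for this illustration; `true_origin` is ground truth used only for scoring and is something a real server never sees.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:
    auth_user: Optional[str]  # identity proven by SMTP AUTH, None if unauthenticated
    mail_from: str            # envelope sender as claimed by the connecting peer
    fails: bool               # True if the message turns out to be undeliverable
    true_origin: str          # scoring only: who really sent it

def accept_then_bounce(s):
    """Accept everything, then send an NDN to whatever envelope sender was claimed."""
    if not s.fails:
        return ("deliver", None)
    return ("ndn", s.mail_from)

def reject_never_bounce(s):
    """NDN only to an authenticated submitter; otherwise refuse inside the SMTP session."""
    if not s.fails:
        return ("deliver", None)
    if s.auth_user is not None:
        return ("ndn", s.auth_user)           # identity is known, so no outscatter
    return ("reject", "550 5.1.1 no such user")  # the connecting server keeps the problem

def outscatter(policy, sessions):
    """Addresses that receive an NDN for mail they never sent."""
    hit = []
    for s in sessions:
        action, target = policy(s)
        if action == "ndn" and target != s.true_origin:
            hit.append(target)
    return hit

# Constructed sample sessions (not taken from any real log).
SESSIONS = [
    Session("bob@example.org", "bob@example.org", True, "bob@example.org"),  # authenticated submission
    Session(None, "victim@example.net", True, "spammer@bad.invalid"),        # forged envelope sender
    Session(None, "carol@example.com", True, "carol@example.com"),           # genuine remote sender
    Session(None, "dave@example.com", False, "dave@example.com"),            # deliverable mail
]

if __name__ == "__main__":
    for policy in (accept_then_bounce, reject_never_bounce):
        print(policy.__name__, "->", outscatter(policy, SESSIONS))
```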