[policy] When Tech Meets Policy...
Douglas Otis
dotis at mail-abuse.org
Tue Aug 14 22:21:37 UTC 2007

On Aug 14, 2007, at 9:29 AM, Al Iverson wrote:
>
> On 8/14/07, Tim Franklin <tim at pelican.org> wrote:
>>
>> On Tue, August 14, 2007 1:48 am, Douglas Otis wrote:
>>
>>> For domains to play any role in securing email, a published MX
>>> record should become a necessary acceptance requirement. Using
>>> MX records also consolidates policy locales which mitigates some
>>> DDoS concerns.
>>
>> What if there's no intention to use the domain for email?
>>
>> I've become annoyed enough in the other direction, owning domains
>> *only* used for email and dealing with irate people insisting I'm
>> domain-squatting and must sell them the domain cheaply right now
>> because there's no A record for www.what.ever.
>
> I'm annoyed enough in the original direction. I, like many
> thousands of people, have some domains that I don't use for email,
> so they don't have an MX record. How do you enforce this new
> requirement? Who chases it down? How does it stop domain tasting?
> If this is ultimately to stop domain tasting abuse, why not instead
> stop domain tasting? It seems like this simply adds rules that
> somebody has to figure out to who enforce, and I'm not exactly
> inspired to think that it'll be enforced regularly or properly.

All registrations MUST incur a nominal charge applied uniformly.
Remove the option permitting domain registration at little or no
cost. End of problem.

> This seems like creating a requirement that people must implement
> mosquito nets to solve the mosquito problem, instead of focusing on
> removing the mosquitos.

This comment was added as a follow-on note. Sorry for not being clear.

Accepting messages from a domain lacking MX records might be risky
due to the high rate of domain turnovers. Within a few weeks, more
than the number of existing domains will have been added and deleted
by then. Spammers take advantage of this flux. Unfortunately SMTP
server discovery via A records is permitted and should be
deprecated. Once MX records are adopted as an _acceptance_
requisite, domains not intended to receive or send email would be
clearly denoted by the absence of MX records. SMTP policy published
adjacent to MX records also eliminates a need for email policy
"discovery" as well. Another looming problem.

Don't accept a message from a domain without MX records. When there
is no policy record adjacent to the MX record, there is no policy,
and don't go looking.

-Doug
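
The acceptance rule argued for in the message above, as an added Python sketch (not code from the post or from any mail server): a MAIL FROM check that requires a published MX record and never falls back to the A record. The zone data, the `lookup_mx` resolver stub, the chosen reply codes and the treatment of an RFC 7505 null MX as "no MX" are assumptions made for illustration.

```python
# Added example: sender-domain MX acceptance check (not from the original post).
# DNS answers come from a constructed in-memory zone so the code runs offline.

class TempFail(Exception):
    """Resolver could not get an answer (SERVFAIL, timeout)."""

# Constructed sample data: domain -> record type -> values.
ZONE = {
    "mail.example": {"MX": [(10, "mx1.mail.example.")], "A": ["192.0.2.10"]},
    "web-only.example": {"A": ["192.0.2.20"]},   # A record only, no MX
    "null-mx.example": {"MX": [(0, ".")]},       # RFC 7505 null MX
    "broken.example": TempFail,                  # simulated SERVFAIL
}

def lookup_mx(domain):
    """Hypothetical resolver stub; returns a list of (preference, host)."""
    entry = ZONE.get(domain.lower().rstrip("."))
    if entry is TempFail:
        raise TempFail(domain)
    return (entry or {}).get("MX", [])

def check_mail_from(reverse_path, resolver=lookup_mx):
    """Return (smtp_code, reason) for a MAIL FROM reverse-path."""
    path = reverse_path.strip().strip("<>")
    if path == "":
        # Bounces use the null reverse-path; there is no domain to check.
        return 250, "null reverse-path accepted"
    local, sep, domain = path.rpartition("@")
    if not sep or not local or not domain:
        return 553, "malformed reverse-path"
    try:
        mx = resolver(domain)
    except TempFail:
        # A DNS outage must defer, not reject, or legitimate mail is lost.
        return 451, "DNS lookup failed, try again later"
    # No fallback to the A record: absence of MX means "no email here".
    usable = [host for _pref, host in mx if host != "."]
    if not usable:
        return 550, "sender domain publishes no MX record"
    return 250, "sender domain publishes MX"
```

The two cases that most often go wrong in such a check are the null reverse-path, which has to be accepted, and resolver failures, which have to produce a temporary rather than a permanent rejection.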