[policy] When Tech Meets Policy...

Douglas Otis dotis at mail-abuse.org
Tue Aug 14 22:21:37 UTC 2007


On Aug 14, 2007, at 9:29 AM, Al Iverson wrote:

>
> On 8/14/07, Tim Franklin <tim at pelican.org> wrote:
>>
>> On Tue, August 14, 2007 1:48 am, Douglas Otis wrote:
>>
>>> For domains to play any role in securing email, a published MX  
>>> record should become a necessary acceptance requirement.  Using  
>>> MX records also consolidates policy locales which mitigates some  
>>> DDoS concerns.
>>
>> What if there's no intention to use the domain for email?
>>
>> I've become annoyed enough in the other direction, owning domains  
>> *only* used for email and dealing with irate people insisting I'm  
>> domain-squatting and must sell them the domain cheaply right now  
>> because there's no A record for www.what.ever.
>
> I'm annoyed enough in the original direction. I, like many  
> thousands of people, have some domains that I don't use for email,  
> so they don't have an MX record. How do you enforce this new  
> requirement? Who chases it down? How does it stop domain tasting?  
> If this is ultimately to stop domain tasting abuse, why not instead  
> stop domain tasting? It seems like this simply add rules that  
> somebody has to figure out to who enforce, and I'm not exactly  
> inspired to think that it'll be enforced regularly or properly.

All registrations MUST incur a nominal charge applied uniformly.   
Remove the option permitting domain registration at little or no  
cost.  End of problem.

> This seems like creating a requirement that people must implement  
> mosquito nets to solve the mosquito problem, instead of focusing on  
> removing the mosquitos.

This comment was added as a follow-on note.  Sorry for not being clear.

Accepting messages from a domain lacking MX records might be risky  
due to the high rate of domain turnovers.  Within a few weeks, more  
than the number of existing domains will have been added and deleted  
by then.  Spammers take advantage of this flux.  Unfortunately SMTP  
server discovery via A records is permitted and should be  
deprecated.  Once MX records are adopted as an _acceptance_  
requisite, domains not intended to receive or send email would be  
clearly denoted by the absence of MX records.  SMTP policy published  
adjacent to MX records also eliminates a need for email policy  
"discovery" as well.  Another looming problem.

Don't accept a message from a domain without MX records.  When there  
is no policy record adjacent to the MX record, there is no policy,  
and don't go looking.

-Doug




More information about the NANOG mailing list