[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CSV (Crocker's draft) good! (evaluation, big suggestion)

To: Matthew Elvey <matthew@xxxxxxxxx>
Subject: Re: CSV (Crocker's draft) good! (evaluation, big suggestion)
From: Meng Weng Wong <mengwong@xxxxxxxxxxxxxxx>
Date: Mon, 3 May 2004 10:57:17 -0400
Cc: MXCOMP <ietf-mxcomp@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
List-id: <ietf-mxcomp.imc.org>
List-unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-mxcomp@xxxxxxxxxxxx
User-agent: Mutt/1.3.25i

On Sun, May 02, 2004 at 01:46:35PM -0700, Matthew Elvey wrote:
| 
| CSV (crocker-marid-smtp-validate): ties things as follows:
| Can a spammer set up a domain and rDNS with records under the spec and 
| spoof From: yes, for all the extant I-Ds, including this one, and C-ID, 
| BUT not for long - the domain will get blacklisted PDQ.
| Is a spammer forced to use a domain set up with records that specify its 
| authorized MTAs: yeah.

Thank you for the review of CSV.

I have a question.  Can you walk us through the scenario where a
spammer, in response to CSV, uses a HELO domainname "goodguy.com"
where:

 - goodguy.com has an A record, so it passes basic validity tests;
 - the A record does not match the spammer client IP;
 - goodguy.com is a legitimate nonspammer domain;
 - goodguy.com does not have a CSV record (maybe goodguy.com is too busy to set up CSV right now)

what does a receiver do?

I should point out that goodguy.com's MTAs also use HELO goodguy.com,
and their IP addresses do not match the A record for goodguy.com
either.

References:
- CSV (Crocker's draft) good! (evaluation, big suggestion)
  - From: Matthew Elvey

Prev by Date: Re: CSV (Crocker's draft) good! (evaluation, big suggestion)
Previous by thread: Re: CSV (Crocker's draft) good! (evaluation, big suggestion)
Next by thread: Re: CSV (Crocker's draft) good! (evaluation, big suggestion)
Index(es):
- Date
- Thread