
RE: you must fill your zones with TXT records



> Traditional remote domain verification involves checking that the domain
> stated in an email address has a valid MX or A record published in the
> DNS. This implies that a spammer could send email "from" any old machine
> with an A record and expect it to be accepted. Sender-ID does not solve
> this problem unless you publish a -all record for EVERY HOST on your
> network, since in the absence of a Sender-ID record the recipient will
> fall back to the current behaviour.

This is where the automated tools come in.  Something to inspect the zone and
then push records through ddns for every node that doesn't already have a
MARID-style record.[1]

This is a flaw with every proposal that uses DNS, but it is not an
insurmountable one.  Not to mention that the wildcard issues were beaten to a
greasy spot on the floor, never mind beaten to death.

[1] Someone again said this was inexcusable but I never received an
explanation as to why.  Any takers?

-- 
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@xxxxxxxxxxxxx>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>
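One way to automate the step described in the reply (inspect the zone, then push a deny-all record for every node that lacks a MARID-style record), as an added example that is not part of the original message. The zone text and host names are constructed; treating a TXT record that starts with "v=spf1" as the MARID-style marker is an assumption, and the output uses the syntax of BIND's nsupdate tool.

```python
# Constructed sample zone (not from the message): three hosts with A records,
# one of which already carries a MARID-style (SPF / Sender-ID) TXT record.
SAMPLE_ZONE = """\
$ORIGIN example.test.
@        IN  MX   10 mail.example.test.
@        IN  TXT  "v=spf1 mx -all"
mail     IN  A    192.0.2.10
www      IN  A    192.0.2.20
www      IN  TXT  "v=spf1 -all"
printer  IN  A    192.0.2.30   ; never sends mail, but has an A record
"""
MARID_PREFIX = "v=spf1"  # assumed marker of a MARID-style TXT record

def parse_zone(text: str) -> dict:
    """Parse a minimal $ORIGIN-relative zone into {fqdn: {rtype: [rdata, ...]}}."""
    origin, records = "", {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        if owner == "@":
            fqdn = origin
        else:
            fqdn = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}"
        records.setdefault(fqdn, {}).setdefault(rtype, []).append(rdata)
    return records

def hosts_missing_marid(records: dict) -> list:
    """Names with an A or MX record but no MARID-style TXT record."""
    missing = []
    for name, rrs in sorted(records.items()):
        if "A" not in rrs and "MX" not in rrs:
            continue
        if not any(t.strip('"').startswith(MARID_PREFIX) for t in rrs.get("TXT", [])):
            missing.append(name)
    return missing

def nsupdate_batch(missing: list, ttl: int = 3600) -> str:
    """Emit an nsupdate script that publishes a deny-all record for each name."""
    lines = [f'update add {name}. {ttl} IN TXT "v=spf1 -all"' for name in missing]
    return "\n".join(lines + ["send"]) + "\n"

if __name__ == "__main__":
    print(nsupdate_batch(hosts_missing_marid(parse_zone(SAMPLE_ZONE))), end="")
```

The script only produces the batch; feeding it to nsupdate (with the zone's TSIG key) is the ddns push the reply refers to.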