Mail-Transmitter RR
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm sorry if this is off-topic, but I couldn't find a working group that
is working on dealing with spam, so this is the closest match I could
find. I know this is in no way related to IPv6 or anything else you guys
are working on, but it is an idea I had involving the addition of a RR
type. If this is not the right place to be sending this, any pointers to
other working groups/forums would be greatly appreciated. And I appreciate
all of the hard work you guys are doing... My idea is attached
(domauth.txt)
Thanks,
David Green
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8+WuwCi6CzkbyeRQRAhgwAKCMt8l88znXNKkC2QQMFAcsKCApsACggDIn
8dBjMHAeIVCIinb/g4HKyEE=
=s/yu
-----END PGP SIGNATURE-----
June 1, 2002
Domain-Authorized SMTP Mail
Copyright Notice
Copyright (C) David N. Green (2002). All Rights Reserved.
Abstract
This document describes when and how to specify Mail Transmitter (MT)
resource records (RRs) in the Domain Name System (DNS), how to
configure SMTP servers to query them effectively, and how to
configure Mail User Agents (MUAs) to filter based on them.
1. Introduction
Historically, Internet mail has been plagued by forgeries. This has
become more problematic as the practice of sending Unsolicited
Commercial Email (UCE) has gained popularity. The addition of MT
RRs to DNS will solve the problem of forgery of domain, without
placing undue burden on any Internet Service Provider. This allows
the Internet Service Provider to begin the process of prevention
of forgery of user. The use of MT RRs at any site is RECOMMENDED.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
RFC 2119.
2. Mail Transmitter Resource Records
All hosts which are authorized transmitters of mail for a domain,
including any authorized forwarders, SHOULD be designated as Mail
Transmitters through the use of an MT RR.
3. MT DNS queries and Authorized-By SMTP headers
SMTP servers SHOULD remove any Authorized-By SMTP headers of
incoming mail. They MAY be configurable to preserve Authorized-By
headers on incoming mail from a set of trusted servers.
SMTP servers SHOULD perform an MT DNS query on the domain of
the From header. If the incoming mail was sent by a server returned
in the query, the SMTP server SHOULD attach an Authorized-By
header to the message, whose value is the hostname of the server
performing the MT authorization.
4. Mail User Agent handling of Authorized-By headers
Mail User Agents (MUAs) MAY allow the user to filter incoming
messages based on the presence of an Authorized-By header.
MUAs MAY allow the user to further filter authorized messages
based on the domain of the From header.
5. Security Considerations
If a user's ISP does not support at least the removal of
Authorized-By headers as stated in section 3, incoming mail may
be easily forged.
Additionally, any host between the sender and recipient, or who
can otherwise masquerade as the sender, can also masquerade
as an authorized transmitter for the domain of the sender.
Author's Address
David N. Green
563 Bill Rutledge Rd
Winder, GA 30680 USA
Phone: +1-770-868-0754 (w)
+1-770-868-1572 (h)
Fax +1-770-220-1937
EMail: green@couchpotato.net
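
The receiving-server procedure of section 3, together with the header-stripping step that section 5 relies on, sketched as an added example (not part of the original draft or of any existing mail server). The MT RR type is only proposed here, so `lookup_mt` and its table are constructed stand-ins for a DNS query, all host names are constructed, and `peer_host` is assumed to be the already-established name of the connecting server.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for MT RR data; no real resolver knows this record type.
MT_RECORDS = {"example.org": {"out1.example.org", "relay.example.net"}}


def lookup_mt(domain):
    """Hypothetical MT query: hosts authorized to transmit mail for `domain`."""
    return MT_RECORDS.get(domain.lower(), set())


def process_incoming(raw, peer_host, my_host, trusted_peers=frozenset(),
                     mt_lookup=lookup_mt):
    """Apply section 3 to one message received from `peer_host`.

    `trusted_peers` holds lowercase host names whose Authorized-By headers
    may be preserved (the MAY clause of section 3).
    """
    msg = message_from_string(raw)
    peer = peer_host.lower()

    # Strip any Authorized-By header that arrived with the message, unless
    # the peer is explicitly trusted. Without this step a sender can simply
    # write the header itself (section 5).
    if peer not in trusted_peers:
        del msg["Authorized-By"]  # removes every occurrence, no error if absent

    # MT query on the domain of the From header.
    _, addr = parseaddr(msg.get("From", ""))
    _, at, domain = addr.rpartition("@")
    if at and domain and peer in mt_lookup(domain):
        # The value is the host performing the authorization, not the sender.
        msg["Authorized-By"] = my_host
    return msg


# Constructed sample: a message that already carries a self-asserted header.
FORGED = ("From: Alice <alice@example.org>\n"
          "Authorized-By: mx.forged.example\n"
          "Subject: hello\n\nbody\n")

if __name__ == "__main__":
    for peer in ("bulk.example.com", "out1.example.org"):
        out = process_incoming(FORGED, peer, "mx.recipient.example")
        print(peer, "->", out.get_all("Authorized-By"))
```
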