>>>>> "David" == David Saez Padros <david@???> writes:
>> But you're forcing me to devote _my_ resources to protecting
>> _your_ network. How is this not abusive?
David> First, I'm not only protecting my network, I'm also protecting
David> your domain from people who try to send email on your domain's
David> behalf to my users.
Did I ask you to do this?
David> And you are missing one very important point: the current SMTP
David> schema is by itself insecure, there is no widely spread way to
David> check that the sender has really sent the message.
And callout does NOT HELP THIS AT ALL, since the spammers are quite
happy to use sender addresses that exist.
David> This is a security problem that obviously when solved will
David> imply that the receiver host will try to check the message
David> authenticity by connecting to the sender's domain servers
David> (SPF, DKIM, callout, whatever ...) Will you call this abuse ??
DNS has both positive and negative caching with TTLs specified by the
publisher; it is commonly cached in ways that allow sharing of caches
over many servers and users; it's a very lightweight protocol from the
point of view of an authoritative server; it is easily scaled up; the
relevant queries for SPF, DKIM, etc., are per-domain rather than
per-user, and it _exists for the purpose of publishing information
about domains_. None of this is true for SMTP-based callouts.
--
Andrew, Supernews
http://www.supernews.com