[ On Monday, July 10, 2000 at 11:38:23 (-0400), Shawn McMahon wrote: ]
Subject: Re: RBL-type BGP service for known rogue networks?
> Oh, you wanna go there?
Yes. (Been there, done it, wrote the book! ;-)
> Hmm. MUST NOT refuse. Who's violating the RFC here, again?
Well, since I'm free to implement policies that affect my own system(s), you lose, not me. Fix your DNS or your mailer and we both win.
> *ANYBODY* using sendmail from a dynamic IP is either going to do this, or worse. RFC 1123 requires you to live with it.
Wrong. On both counts. (though for different reasons)
> If you choose not to, don't wave the damn RFC around like a magic shield.
Since I was using the Internet at the time that RFC was written, though unfortunately not directly involved in its writing, I can fully understand the meaning of that apparent self-contradiction. Nearly a dozen years ago there were different pressures on RFC writers. Most every sane person I know now understands that the so-called robustness principle defined in RFC 1123 MUST not be used to ignore security issues. Although forging a HELO name isn't exactly fraud, it's very close, and therefore it's definitely a security issue (the risks are relatively low, but there's more than ample evidence that people continue to use it for illicit purposes on an ongoing basis).
> CNAMEs are "valid principal host domain name[s]".
No, bzzt, wrong! CNAMEs can point at host domain names, but they are definitely not anything like host domain names! Host domain names are only those that return A RRs.
> Nothing in the RFC says it can't be a CNAME, but something in the RFC says you have to accept it even if it's flat-out wrong or a lie.
Sorry, but you've leapt over a set with your misunderstanding above and therefore the remainder of your logic falls to pieces completely.

-- 
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
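As an added illustration, not code from either poster: a HELO-name check that applies the distinction drawn in the thread (a host domain name owns A RRs; a CNAME is only an alias to one), run over a constructed in-memory zone rather than real DNS. The zone names, addresses and the `check_helo`/`accept_helo` functions are assumptions for the example.

```python
"""Added example: classify a HELO/EHLO name against constructed DNS data."""
from typing import NamedTuple

# Constructed zone data for the example (not real DNS): name -> [(rrtype, rdata)].
ZONE = {
    "mail.example.org.": [("A", "192.0.2.25")],
    "smtp.example.org.": [("CNAME", "mail.example.org.")],
    "loop1.example.org.": [("CNAME", "loop2.example.org.")],
    "loop2.example.org.": [("CNAME", "loop1.example.org.")],
    "dangling.example.org.": [("CNAME", "nowhere.example.org.")],
}

class HeloCheck(NamedTuple):
    kind: str          # "host" (owns A RRs), "alias" (reached via CNAME), "unresolvable"
    canonical: str     # the name at which lookup stopped
    addresses: tuple   # A rdata found at that name, if any
    ip_matches: bool   # whether the connecting IP is among those addresses

def lookup(name, zone=ZONE):
    """Return the RRs owned by a name (absolute form), or an empty list."""
    return zone.get(name if name.endswith(".") else name + ".", [])

def check_helo(helo, client_ip, zone=ZONE, max_hops=8):
    """Follow CNAMEs (bounded, so alias loops terminate) and report what HELO named."""
    name = helo if helo.endswith(".") else helo + "."
    kind = "host"
    for _ in range(max_hops + 1):
        rrs = lookup(name, zone)
        cnames = [rd for (t, rd) in rrs if t == "CNAME"]
        addrs = tuple(rd for (t, rd) in rrs if t == "A")
        if addrs:
            return HeloCheck(kind, name, addrs, client_ip in addrs)
        if not cnames:
            return HeloCheck("unresolvable", name, (), False)
        kind = "alias"        # HELO named an alias, not a principal host name
        name = cnames[0]
    return HeloCheck("unresolvable", name, (), False)   # hop limit hit (CNAME loop)

def accept_helo(helo, client_ip, zone=ZONE):
    """Policy from the message: only a name that itself owns A RRs is accepted."""
    return check_helo(helo, client_ip, zone).kind == "host"
```

`ip_matches` is reported separately so a site can decide how much weight to give a HELO name whose A records do not include the connecting address.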