it's hard to understand why any of you bother to respond to dean anderson;
his goals in participating here are manifestly incompatible with most others'.
the worst part is, while i never see dean's words directly (he and bernstein
and some others are on an internet that my user agents keep me from seeing),
i end up seeing his text when other people respond to it. ick. please stop.
> > >The idea came from David Green, and Vixie says it originated from Jim
> > >Miller in 1998. Vixie had little or nothing to do with it. Why the draft
> > >claims the earliest known work is due to Vixie is unclear.
> > >
> > > --Dean
> I've never heard before of David Green as being source of the idea, if
> he's still around, we may ask him and Vixie and Jim Miller about the
> exact details and if they are satisified with current information in
> acknolidgement sections of MARID drafts. But based on message from
> namedroppers sited by Dean, it seems that David Green came up with idea
> separate and already after Vixie wrote original "Repudiating Mail From"
> draft.
>
> William Leibzon
here's what happened. one day i was walking down the net minding my own
business, when all of a sudden, the following message appeared in my inbox:
Date: Sun, 14 Dec 1997 23:44:54 -0500 (EST)
From: Jim Miller <jmiller@xxxxxxxxx>
To: paul@xxxxxxx
Subject: An idea & congrats on RBL
Mr. Vixie,
...
May I offer an idea for your suggestions and opinion?
My idea is this: extend the use of DNS as a spam blocking mechanism
to support a rudimentary form of "authentication".... That is, use
DNS to list the machines that are "valid" *senders* of mail from a
domain.
...
I propose that the entities participating in this "idea" define a
well-known name in their DNS server - for each of their domains -
which lists all of the systems that will be sending mail from that
domain. This would be along the lines of an alias such as "mail",
"ftp", or "www".
For the purposes of this example, I'll use the name "outbound-smtp"
and the domain "foo.com":
foo.com. IN SOA ....whatever....
outbound-smtp IN MX 10 host1
IN MX 20 host2
IN MX 30 host3
host1 IN A 10.1.2.3
host2 IN A 10.2.3.4
host3 IN A 10.3.4.5
By creating the "outbound-smtp" record, I, as the operator of
"foo.com", indicate that the ONLY systems that are supposed to be
sending Internet mail with an address of "@foo.com" will be host1,
host2, and host3.foo.com. The fact that I used MX records is in no
way related to the true purpose of MX records -- it's just the RR
that I chose to provide a "list".
Now, for how this would be used...
...
no mention of david green. and i'm sorry for the confusion, it was 1997,
not 1998 as i've been reporting. for the record, i first heard the idea
from jim miller, in the e-mail excerpted above, and it was a good idea,
and if we'd written it up and widely deployed it in ~1997, e-mail forgery
would be dead by now and we'd working on other more important issues like
bonded expressions of intent. instead i see MARID making this whole thing
way more complicated than it needs to be, with 2005 as the earliest date
upon which e-mail forgery will be dead.
so, i did one duty, by acknowledging that the idea was not my own. but, i
failed another duty, which was to push hard on getting a good idea shipped.
writing <http://sa.vix.com/~vixie/mailfrom.txt> and posting it to
namedroppers was not nearly what was required to help kill e-mail forgery.
i'm currently failing another duty, which is to try to stop MARID from
rubber-stamping ~SPF and to try to stop MARID from using either TXT RRs or
a new RRtype. i've found that you just can't stop newbies from wanting to
make their own mistakes. (like teenagers in that way.)
--
Paul Vixie
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf