| | Danisch's RMX | Fecyk's DMP |
|---|---|---|
| large APL lists | problem. RMX clients perform an APL query and get back a potentially big list of IPs; they're only interested in one of the IPs in that list. If a sender domain uses many approved IPs, DNS UDP packets can be too small to contain the APL list, and then you have to switch to TCP, which is slower. I am told that Yahoo could legitimately use any one of about 3000 distinct IPs to send mail. | advantage. Because the DMP query is specific to the client IP, it's more targeted, and you don't have to worry about large DNS responses. |
| DNS extensions required | problem. RMX requires DNS software packages to add new functionality to support the RMX record type. If we require ISPs to upgrade their DNS software rather than just add new entries in their zone files, we double the cost of adoption. That's no good. | advantage. DMP works with existing TXT records and requires no changes to DNS software. |
| indirection | advantage. An RMX record can point to an APL record. If you run multiple domains that use the same set of designated mailhosts, you only need to set up one set of APL records, and then each domain's RMX points to that existing set. This reduces administrative overhead. If you want to point your domain at someone else's APL records, you can do that too. | problem. Under Fecyk's proposal, each new domain has to spell out the list of mailhosts afresh. This is a problem if multiple independently administered domains share the same set of servers, because the secondary domains will have to keep playing catch-up. |
| dynamic hostnames | advantage. An RMX record can point to a host (A) record. If you have a dynamic IP, you probably already have some sort of DynDNS solution that automatically updates your hostname-to-IP mapping. The RMX "host:" response type lets you say "my dynamically assigned IP address is a designated mailer for my domain." | not really a problem. It would be trivial for the DynDNS folks to automatically include the DMP records in their standard domain templates. |
| CIDR notation | advantage. CIDR notation is built into APL. | inconvenience. If your allow/deny categories don't fall neatly along byte boundaries, you'll have to spell out each IP address. Automated tools like RBLDNS help. |
| Joe-job notification | lacks. RMX operates on a "Full Monty" basis: the DNS server gives every querant the full list of designated mailers. SMTP servers see everything and pick out only what they're looking for. | advantage. Suppose 12.34.56.78 tries to forge email from joes.com. When a DMP-enabled SMTP server skeptically queries 78.56.34.12._smtp_client.joes.com, it gets back "dmp=deny". But something else also happens: Mike Rubel observed, with great subtlety of insight, that the attempted joe-job leaves a trace: Joe's DNS server logs the fact that 12.34.56.78 tried to impersonate Joe. Nifty! |
| DNS caching | advantage. RMX returns the full list of designated mailers to a querant, so the querant can cache the result and apply it to future lookups. This saves bandwidth and decreases response time. | disadvantage. DMP queries are IP-specific, so each new client host triggers a fresh set of DNS lookups. |
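A small simulation of both lookup styles, added here as an illustration and not taken from the original page or from either proposal's implementation. The reversed-octet `_smtp_client` query name and the `dmp=allow`/`dmp=deny` answers follow the table above; the in-memory zone, the resolver cache and the query log are constructed stand-ins for real DNS, and show the Joe-job trace and the caching difference side by side.

```python
import ipaddress

# Constructed zone data for joes.com (not real records).
# DMP: one TXT record per client IP, keyed by the reversed-octet name.
# RMX: one APL-style list of CIDR ranges for the whole domain.
DMP_ZONE = {
    "25.0.0.10._smtp_client.joes.com": "dmp=allow",
    "78.56.34.12._smtp_client.joes.com": "dmp=deny",
}
RMX_ZONE = {"joes.com": ["10.0.0.0/24", "192.0.2.8/32"]}


def dmp_query_name(client_ip: str, domain: str) -> str:
    """Build the DMP lookup name: reversed IPv4 octets + ._smtp_client.<domain>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "._smtp_client." + domain


class Resolver:
    """Caching stub resolver. query_log stands in for the authoritative
    server's logs: only names that miss the cache reach Joe's DNS server."""

    def __init__(self):
        self.cache = {}
        self.query_log = []

    def lookup(self, zone, name):
        if name not in self.cache:
            self.query_log.append(name)      # a forgery attempt leaves a trace here
            self.cache[name] = zone.get(name)
        return self.cache[name]


def check_dmp(resolver, client_ip, domain):
    """Return 'allow', 'deny' or 'unknown' for one client IP under DMP.
    Every distinct client IP is a distinct name, so it costs a fresh query."""
    txt = resolver.lookup(DMP_ZONE, dmp_query_name(client_ip, domain))
    if txt and txt.startswith("dmp="):
        return txt.split("=", 1)[1]
    return "unknown"


def check_rmx(resolver, client_ip, domain):
    """Fetch the whole designated-mailer list once (cached for every later
    client), then test membership locally; the authority never sees which IP."""
    ranges = resolver.lookup(RMX_ZONE, domain) or []
    ip = ipaddress.IPv4Address(client_ip)
    return "allow" if any(ip in ipaddress.IPv4Network(r) for r in ranges) else "deny"
```

Running two DMP checks for different clients produces two entries in the query log (the denied one being the Joe-job trace), while two RMX checks against the same domain hit the authority only once.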