On 21-03-2014 21:48, Stuart Henderson wrote:
> On 2014-03-19, Giancarlo Razzolini <grazzol...@gmail.com> wrote:
>> On 19-03-2014 09:41, Stuart Henderson wrote:
>>> you have more trust in ISP DNS servers honouring TTLs than I do. if
>>> you can only get a dynamic IP at home and would like to host mail
>>> there yourself, in a machine which only you have physical access to,
>>> etc. (i.e. do *not* want to keep your email archive on a VPS), you
>>> could rent a VPS and use it as a tunnel endpoint instead. 
>> I don't. I do not use any of my ISP's DNS servers. Also, in this case, I
>> have to trust the other MTAs' DNS servers honoring TTLs, not mine.
> That is exactly what I mean. You trust other ISPs, who you don't even have
> a business relationship with, to tell their customers/mtas to deliver
> your mail to the correct address...
>
> Some places deliberately place a minimum restriction on TTLs to save on
> bandwidth. Others do it to mitigate DNS rebinding attacks. So you can have
> problems caused by both good *and* bad ISPs...
>
The bottom line is, we have today an email system that is broken, and I
don't see it getting any better in the near future. Part is because it
relies on another broken system, which is DNS, and part because the MTAs
are supposed to talk with each other and the standard is set on very low
levels of security when it should be the other way around. You can host
your own mail, but do not trust it to be really only your mail.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
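As an added illustration of the TTL point raised in the thread (this is not code from either poster), the following toy simulates a caching resolver that applies a minimum-TTL floor, as some ISPs do, and measures how long it keeps handing out a stale address for a mail host whose dynamic IP has just changed. The zone name `mail.example.test`, the documentation addresses `192.0.2.10`/`192.0.2.20`, and the 60-second record TTL are constructed values.

```python
from dataclasses import dataclass


@dataclass
class CachedAnswer:
    address: str
    expires_at: int  # simulated time (seconds) at which the entry expires


class AuthoritativeZone:
    """Stand-in for the authoritative server of a dynamic-DNS name (constructed)."""

    def __init__(self, name: str, address: str, ttl: int) -> None:
        self.name = name
        self.address = address
        self.ttl = ttl

    def update(self, address: str) -> None:
        # The home connection got a new IP; the owner updates the record.
        self.address = address

    def lookup(self, name: str) -> tuple[str, int]:
        assert name == self.name
        return self.address, self.ttl


class CachingResolver:
    """Toy recursive resolver. min_ttl models an operator-imposed TTL floor."""

    def __init__(self, authoritative, min_ttl: int = 0) -> None:
        self.authoritative = authoritative  # callable: name -> (address, ttl)
        self.min_ttl = min_ttl
        self.cache: dict[str, CachedAnswer] = {}

    def resolve(self, name: str, now: int) -> str:
        entry = self.cache.get(name)
        if entry is not None and now < entry.expires_at:
            return entry.address  # served from cache, regardless of zone changes
        address, ttl = self.authoritative(name)
        # A resolver that honours TTLs caches for `ttl`; one with a floor
        # caches for at least `min_ttl` even if the zone asked for less.
        effective_ttl = max(ttl, self.min_ttl)
        self.cache[name] = CachedAnswer(address, now + effective_ttl)
        return address


def stale_window(min_ttl: int, record_ttl: int = 60, change_at: int = 30) -> int:
    """Seconds after an IP change during which the resolver still returns
    the old address. The cache is primed at t=0 and the zone changes at
    t=change_at."""
    zone = AuthoritativeZone("mail.example.test", "192.0.2.10", record_ttl)
    resolver = CachingResolver(zone.lookup, min_ttl)
    old_address = resolver.resolve(zone.name, 0)  # prime the cache
    zone.update("192.0.2.20")
    t = change_at
    while resolver.resolve(zone.name, t) == old_address:
        t += 1
    return t - change_at


def ttl_floor_suspected(observed_ttl: int, authoritative_ttl: int) -> bool:
    """A cached answer advertising a TTL larger than the zone's own TTL is a
    sign the resolver between you and the zone is clamping TTLs upward."""
    return observed_ttl > authoritative_ttl


if __name__ == "__main__":
    print("honest resolver stale window:", stale_window(0), "s")
    print("resolver with 1h floor stale window:", stale_window(3600), "s")
```

The honest resolver goes stale only for the remainder of the original 60-second TTL (30 s here); the one with a one-hour floor keeps delivering to the old address for 3570 s after the change, which is the window in which other sites' MTAs would try to deliver mail to whoever now holds the old IP. Checking the TTL of the answer a remote resolver hands back against the value published in the zone is the practical way to notice such a floor from the outside.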
