CircleID

There is a recent proposal around this idea called Reverse MX or RMX. An internet draft exists at http://www.ietf.org/internet-drafts/draft-danisch-dns-rr-smtp-02.txt
and the author maintains a site at http://www.danisch.de/work/security/antispam.html

I think its an idea whose time cannot come fast enough.

This sounds like a great idea.  I have regularly been a victim of those that use my family web site address as the return address when they send out email.

This is very aggravating.  I would definitely switch to an ISP or host that could help me to prevent this from happening by using some type of reverse MX (RMX) check to disallow someone else from using my domain. I know it is more complicated than what I just described, but I certainly would support efforts to prevent this.  I think any legitimate email user or provider should support it.

"Require legitimate DNS MX records for all outbound email servers"
One wonders how to "require" anything on the net these days, given that even a multi-partite letter from the FTC, Industry Canada and a ton of other International signatories was sent out in the vain hopes of getting installations to close open relays they have in place. Which, as far as I can tell, has failed as badly as the multitudinous anti-relay blacklists in use today.

The fight against spam is a multi-faceted one, requiring technical, legal and educational solutions to be put in place. Placing our eggs in one basket, the technical approach has brought about a crisis after ten years of trying. Time to give the other two the credence, time and effort the first one has been given.

Not to mean that approaches be developed at the expense of the tech solutions, but alongside them. Anything else is just waiting for people on the "other side" to find yet another way to send their wares.

Sounds good to me John! I agree that your proposal is far better than the current dilemma and certainly more feasible than a "W3 Swat Team". 

Some of the more advanced RMX-style systems should have legs.  Please acknowledge that there are some that are better than yours, and endorse the best one, so we can get to a consensus and get it broadly implemented.  The system shoudn't be mandatory; it should simply be optional.  If a domain MAY designate a list of servers can send email 'from' it, then there are three categories: black (not on the list), white (on the list) and grey (there is no list).

There is an excelent draft on : http://www.danisch.de/software/rmx/
(updated the link referred above)

Some big email providers like google, hotmail and yahoo have separate inbound and outbound email servers.

If you "dig wr-out-0506.google.com a", for instance (see legitimate message below), you will get an impressive list of IPs (those take care of some google outbound mail).

But without the proposed DNS RMX RR, there would be no way to find out whether wr-out-0506.google.com would be potentially legitimate or not.

+++clip+++
2006-05-03 03:22:36 1Fb70Y-0007ce-OB <= hidden_sender@gmail.com H=wr-out-0506.google.com [64.233.184.227] P=esmtp S=1736 id=44580391.13f23b13.6127.5211@mx.gmail.com
2006-05-03 03:22:36 1Fb70Y-0007ce-OB SA: Action: scanned but message isn't spam: score=-1.6 required=5.0 (scanned in 6/6 secs | Message-Id: 44580391.13f2
3b13.6127.5211@mx.gmail.com). From <hidden_sender@gmail.com> (host=wr-out-0506.google.com [64.233.184.227]) for legitimate_rcpt@my.test.org
+++clip+++

In short, in my opinion, I think John Fitzgibbon touched the right direction: providers that use different inbound & outbound mail servers, should register not only MX servers (for the inbound messages), but also RMX for the outbound servers.

We will have to wait meanwhile… IETF first, then IANA, to authorize such added (DNS RMX RR) schemes.