01-25-06 01:16 PM
On 25 Jan 2006 06:19:19 -0000, TwistyCreek <anon@comments.header> wrote:
>I'm looking to set up the MX record(s) on my domain so I can accept
>incoming mail directly rather than using my registrar's redirection server
>to send it to a gmail box and then pop3s'ing it down from there. The
>problem is that this is probably a decrease in reliability (ie due to the
>possibility power failures, ISP interruptions, etc). I've been reading a
>bit on MX records and I'm wondering if it's as simple as it appears to use
>a second machine at a second location to increase reliability.
It's not especially difficult.
>I'm considering asking a buddy that operates an FTP server 24/7 on a
>different (DSL) ISP if he'd be willing to run some kind of Mercury setup
>just to cover me in case my machine or my provider went down for a while.
Ok, but consider that your alternate will need your private keys to
decrypt incoming messages (unless they are just going to store and
forward to you at some later date). It would be a major upgrade to
the remailer s/w and protocol to encrypt using more than one public key,
although it's technically possible.
>I realize the SMTP protocol prescribes retries etc before failing, but it
>seems the MX priority idea is a pretty well defined strategy as well. Is
>it just a matter of adding a second MX record with a priority value higher
>than the one in the first MX rec? Why do you always see values like 10 and
>100, etc. Wouldn't it make more sense to number them 1, 2, 3... I mean
>it's not like the values are carved in stone.. if you ever need to add one
>"in the middle" you just renumber - no?
DNS records are cached. It could take quite some time for the renumbering
to propagate across the Internet. Better to leave some gaps and retain
your flexibility.
>Also... just how Eelbashian an idea would it be to suggest remops could
>back each other up? I guess there's a significant potential for a rogue
>remop to do traffic analysis if they had access to your (encrypted)
>incoming mail over a period where you were down - right?
Pairing with another remop who will at least store and forward your
e-mail is sensible. It would be up to you to interview the prospective
remop and determine whether or not they are trustworthy.
>I am having
>trouble seeing how the same concern would exist relative to a trusted
>buddy who has nothing to do with the remailer network (but I'm open to
>re-education on that one).
On that note, you might want to visit the following web sites:
http://rollernet.us/index.php
http://www.everydns.net
Rollernet and everydns offer free secondary MX and secondary DNS services,
respectively. I haven't used rollernet, but I can vouch for everydns.
I've used everydns for years and it has been flawless. David Ulevitch
is an outstanding netizen.
>Suggestions?
I believe the two areas for improvement in the remailer network are
reliability and authentication.
If remops paired up as you suggest, it would improve reliability.
There would be a small sacrifice in security, but not much. After
a little shake-out period, the trolls would end up pairing with other
trolls and the serious remops would cover each other. The trolls
would be shunned as they are now, except you could kill them in pairs.
Security-wise, everyone should implement TLS and get their domain cert
signed by a certificate authority. It's no longer necessary to pay
usury to the commercial CAs. CAcert.org is available for free.
-=-
This message was sent via two or more anonymous remailing services.
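As an added illustration of the MX-priority and renumbering points raised in this thread (example code, not part of the original post), the script below parses MX lines from a zone-file fragment, lists the order an SMTP client will try them (lowest preference first, per RFC 5321), and flags a set with no secondary or with adjacent preference values that leave no room to insert a host without renumbering. The hostnames and TTL are constructed placeholders.

```python
import re
from typing import List, NamedTuple

class MX(NamedTuple):
    ttl: int
    preference: int
    exchange: str

# Constructed zone-file fragment for this example; the hostnames are
# placeholders, not real servers. Primary at home, secondary at a second site.
SAMPLE_ZONE = """
example.test.  3600  IN  MX  10   mail.example.test.
example.test.  3600  IN  MX  100  backup-mx.buddy.example.
"""

_MX_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)$", re.IGNORECASE)

def parse_mx(zone_text: str) -> List[MX]:
    """Parse 'owner TTL IN MX preference exchange' lines; skip anything else."""
    records = []
    for line in zone_text.splitlines():
        m = _MX_RE.match(line.strip())
        if m:
            records.append(MX(int(m.group(2)), int(m.group(3)), m.group(4).lower()))
    return records

def delivery_order(records: List[MX]) -> List[str]:
    """Order an SMTP client tries the exchanges: lowest preference first. Equal
    preferences are tried in random order by real clients; sorting by name here
    only keeps this function's output stable."""
    return [r.exchange for r in sorted(records, key=lambda r: (r.preference, r.exchange))]

def renumber_wait_seconds(records: List[MX]) -> int:
    """Worst case a caching resolver may keep serving the old MX set after a change."""
    return max((r.ttl for r in records), default=0)

def review_mx_set(records: List[MX]) -> List[str]:
    """Findings about redundancy and numbering headroom for the given MX set."""
    findings = []
    if len(records) < 2:
        findings.append("single MX: no fallback if that host or its ISP is down")
    prefs = sorted({r.preference for r in records})
    for lo, hi in zip(prefs, prefs[1:]):
        if hi - lo < 2:
            findings.append(f"no gap between preferences {lo} and {hi}: adding a host "
                            f"between them means renumbering and waiting out a "
                            f"{renumber_wait_seconds(records)}s TTL")
    return findings
```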