[p2p-research] Google gets into the DNS business

Eugen Leitl eugen at leitl.org
Sun Dec 6 17:58:03 CET 2009


On Sun, Dec 06, 2009 at 05:19:56PM +0100, M. Fioretti wrote:

> to the best of my knowledge, you cannot specify port numbers in mx DNS
> records. See "incoming SMTP port" at
> http://www.code-crafters.com/abilitymailserver1/smtp.html

I wasn't referring to SMTP, of course.
 
> This means that if you run the email server at home but your
> ISP blocks port 25 incoming, other mail servers will find yours (by
> reading the mx record) but won't be able to talk with it: because they
> will try to do it through port 25 which is blocked by the ISP, and
> won't know which other port they could use.

There's not much point running your own SMTP server (unless you're
using an external relay) since you're sending from an address pool which is
almost certainly blackholed.
 
> All the mailboxes and configuration of my VPS mail server are already
> regularly backed up elsewhere. The probability of blackouts, hardware

This is the way to go. 

> failures, hardware theft, unavailable connectivity and so on are
> orders of magnitude lower in a data center than in any private

Yes. You're also completely under an X-ray screen, since you're running on
untrusted, shared hardware where the administrator has higher than
superuser access. Of course, if you're routing everything
through a VPN to a different entity, especially an entity in a different
jurisdiction, this already adds a layer of protection.

If you want to make it interesting, send in a small low-power tamperproof
system with trusted hardware to your hoster's colo. These days,
it is almost as cheap as a VServer.

> residence, so I'll continue to use a remote VPS. If they screw up, I
> can find another provider, get a new account and migrate there all my
> data and email management in two days. Communication privacy would

Yep.

> really exist only if it were possible to only use crypted email for

Even if you don't use a VPN tunnel, you can use IMAP over SSL, and let the
local mail server do STARTTLS. Still much better than nothing.

> all personal messages, but that is still impossible because of people,
> so it wasn't an issue when I decided how to manage my email.
> 
> This said, a couple of comments:
> 
> I'm talking mostly about communications, you mostly about access to
> one's private data. They're both important, but different problems.

I'm viewing the issue holistically, and not necessarily in terms
of today's technology.
 
> Personally I would have no problem in continuing discussions about
> NAT, dynamic DNS and so on, but there's no better way I could find to
> make sure that nobody else on the list participates. I'd rather avoid
> deeply technical discussions here.

Quite a pity, since this is about as P2P and grassroot as it gets.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
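The remark above that a home SMTP server sends "from an address pool which is almost certainly blackholed" refers to DNS-based blocklists: a receiving MTA reverses the octets of the connecting address, appends a list zone, and treats any A record in 127.0.0.0/8 as a listing. The following script, added here as an illustration and not part of the original thread, performs that lookup. The zone name and the meaning attached to each 127.0.0.x answer are assumptions that follow the Spamhaus ZEN conventions as I understand them; confirm them against the list's own documentation before acting on a result.

```python
"""DNSBL lookup: is this address allowed to deliver mail directly?

Added example for the thread above, not code from the list or its posters.
ZEN_ZONE and ZEN_CODES are assumptions modelled on the published Spamhaus
ZEN return codes; verify against the list's documentation.
"""
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"  # assumed zone name

# Assumed meanings of the A records a listing returns (127.0.0.0/24 only).
ZEN_CODES = {
    "127.0.0.2": "SBL: listed as a spam source",
    "127.0.0.3": "SBL CSS: listed as a spam source",
    "127.0.0.4": "XBL: compromised host or open proxy",
    "127.0.0.9": "SBL DROP: hijacked or worst-offender netblock",
    "127.0.0.10": "PBL: ISP dynamic/residential pool, expected to relay via ISP",
    "127.0.0.11": "PBL: Spamhaus-maintained policy listing",
}

LISTING_RANGE = ipaddress.ip_network("127.0.0.0/24")
ANSWER_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZEN_ZONE):
    """Build the query name: reversed octets (v4) or reversed nibbles (v6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        reversed_part = ".".join(reversed(str(addr).split(".")))
    else:
        # IPv6 lists key on the 32 hex nibbles of the expanded address.
        reversed_part = ".".join(reversed(addr.exploded.replace(":", "")))
    return "%s.%s" % (reversed_part, zone)


def interpret(answers, codes=ZEN_CODES):
    """Translate A-record answers into reasons.

    Answers outside 127.0.0.0/8 mean something other than a listing
    (a wildcarding resolver, a captive portal); answers inside /8 but
    outside /24 are the list's own error/policy codes, which vary by list.
    """
    reasons = []
    for answer in answers:
        addr = ipaddress.ip_address(answer)
        if addr not in ANSWER_RANGE:
            reasons.append("unexpected answer %s: resolver is not returning real DNSBL data" % answer)
        elif addr not in LISTING_RANGE:
            reasons.append("non-listing answer %s: query error or resolver policy, consult the list docs" % answer)
        else:
            reasons.append(codes.get(answer, "listed with unknown code %s" % answer))
    return reasons


def lookup(ip, zone=ZEN_ZONE):
    """Query the list. NXDOMAIN (gaierror) means not listed; returns a list of reasons."""
    name = dnsbl_query_name(ip, zone)
    try:
        answers = sorted({r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []
    return interpret(answers)


if __name__ == "__main__":
    import sys
    # 192.0.2.44 is documentation space (RFC 5737), used here as a constructed sample.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.44"
    print("querying", dnsbl_query_name(target))
    for reason in lookup(target) or ["not listed"]:
        print(" ", reason)
```

Run it against your own egress address to see what a remote MTA sees; a PBL answer is the "address pool" case described above, and the usual fix is exactly the external relay the post mentions. Note that the check itself leaks the queried address to the list operator and to every resolver on the path.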


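The post's fallback advice, IMAP over SSL plus STARTTLS on the local mail server, is only "much better than nothing" if the client refuses to continue when TLS is not offered: STARTTLS is opportunistic by design, and a middlebox that strips the capability from the EHLO reply downgrades an unwary client to plaintext. The script below, an added example and not code from the thread, drives EHLO and STARTTLS by hand so the fail-closed rule is explicit, then wraps the socket with a context that verifies the certificate and hostname. The host names, the EHLO name and the SMTP dialogue in the usage are constructed placeholders.

```python
"""Mandatory STARTTLS for SMTP submission with certificate verification.

Added example, not code from the mailing-list thread. The helper names and
the hosts used in __main__ are assumptions.
"""
import socket
import ssl


class StartTlsRequired(ConnectionError):
    """Raised when the server will not move the session to TLS."""


def strict_tls_context(cafile=None):
    """A context that rejects unverified peers, wrong hostnames and pre-1.2 TLS."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def _read_reply(rfile):
    """Read one SMTP reply, multi-line ("250-...") or final ("250 ..."), as (code, lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % line)
        lines.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return int(line[:3]), lines


def negotiate_starttls(sock, helo_name="client.example"):
    """EHLO, check the advertised capabilities, send STARTTLS, expect 220.

    Fails closed: if STARTTLS is absent from the EHLO reply (never supported,
    or stripped by a middlebox) or refused, nothing else is sent in clear.
    Returns the set of advertised capabilities; the caller wraps the socket
    in TLS immediately afterwards.
    """
    rfile = sock.makefile("rb")
    code, greeting = _read_reply(rfile)
    if code != 220:
        raise ConnectionError("unexpected greeting %d %s" % (code, greeting))
    sock.sendall(("EHLO %s\r\n" % helo_name).encode("ascii"))
    code, caps = _read_reply(rfile)
    if code != 250:
        raise ConnectionError("EHLO rejected: %d %s" % (code, caps))
    # caps[0] is the server's own name; the rest are keywords with optional params.
    offered = {c.split()[0].upper() for c in caps[1:] if c.strip()}
    if "STARTTLS" not in offered:
        raise StartTlsRequired("STARTTLS not offered; refusing to continue in plaintext")
    sock.sendall(b"STARTTLS\r\n")
    code, reply = _read_reply(rfile)
    if code != 220:
        raise StartTlsRequired("STARTTLS refused: %d %s" % (code, reply))
    return offered


def open_submission(host, port=587, cafile=None, helo_name="client.example"):
    """Connect, insist on STARTTLS, and return a verified TLS socket (or raise)."""
    sock = socket.create_connection((host, port), timeout=15)
    try:
        negotiate_starttls(sock, helo_name)
        return strict_tls_context(cafile).wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":
    import sys
    # Constructed placeholder host; replace with your own submission server.
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example"
    tls = open_submission(host)
    print("TLS established:", tls.version(), "cipher:", tls.cipher()[0])
    tls.sendall(b"QUIT\r\n")
    tls.close()
```

For IMAP the same policy is simpler to express: use `imaplib.IMAP4_SSL(host, ssl_context=strict_tls_context())` on port 993 rather than `IMAP4` plus `starttls()`, so there is no plaintext phase to strip. Either way, a server presenting a self-signed certificate should fail the handshake unless its certificate (or your own CA) is passed as `cafile`; accepting any certificate turns the tunnel into an invitation for the hoster or the network path to terminate it.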
