ietf-dkim

Re: [ietf-dkim] Are lookalike domains like parent domains?

2008-04-30 12:51:25

On Apr 30, 2008, at 12:27 PM, Al Iverson wrote:

On 4/30/08, Steve Atkins <steve(_at_)blighty(_dot_)com> wrote:

It's been pointed out to me that I've confused this "treewalking"
discussion by forgetting that this thread is not discussing the NXDOMAIN
issue.  I have done this and I'm sorry about that.  I view the NXDOMAIN
check as essential since it is impossible for domain administrators to
deploy ADSP records for sub-domains that do not exist.

If the goals of ADSP are what I'm guessing they are, +1.

Could you all help me to understand this point in more detail? Define
the NXDOMAIN issue for me, and how it relates to receiver filtering
decisions. Examples welcome. (I have some idea of what I think this
means, but I'd like to see it clarified to better understand it.)

The NXDOMAIN thing means only one thing for a receiver. Don't
accept mail that claims to be from non-existent domains.

The reason there's discussion about it is that one of the ways
in which ADSP is iffy is that it doesn't allow you to state
"I don't send unsigned mail from any hostname that ends
in .example.com". If your domain is example.com, and I
decide to send mail claiming to be from
mail.flooble.example.com there's no way you can publish
an ADSP record to assert that that mail isn't from you, unless
you guess the magic word "flooble".

You, of course, don't care because you know there's no
hostname or MX record for mail.flooble.example.com, so
no right-thinking recipient will consider it legitimate mail
anyway.

The discussion is not over what recipient behavior in that
case will actually be (reject or discard it because it's
claiming to come from someone who doesn't exist), rather
it's over whether the ADSP spec needs to prescribe that
behavior.


Cheers,
   Steve

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
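
The gap discussed in this message, as an added example that is not part of the original post: a receiver-side check run against a stub resolver, showing that an unsigned message from mail.flooble.example.com is only caught when the receiver tests whether the author domain exists, because no ADSP record can be published for a name the owner never created. Assumptions: the `_adsp._domainkey` record name and the `dkim=` values follow RFC 5617 as later published; the zone contents, function names and result strings are constructed for illustration.

```python
# Constructed zone for example.com; every record here is sample data.
ZONE = {
    ("example.com", "MX"): ["10 mx.example.com"],
    ("mx.example.com", "A"): ["192.0.2.10"],
    ("news.example.com", "MX"): ["10 mx.example.com"],
    ("_adsp._domainkey.example.com", "TXT"): ["dkim=all"],
    ("_adsp._domainkey.news.example.com", "TXT"): ["dkim=discardable"],
}


def lookup(name, rtype):
    """Stub resolver: NXDOMAIN only when nothing exists at or below the name."""
    name = name.lower().rstrip(".")
    exists = any(n == name or n.endswith("." + name) for n, _ in ZONE)
    if not exists:
        return "NXDOMAIN", []
    return "NOERROR", ZONE.get((name, rtype), [])


def adsp_practice(domain):
    """Return the published dkim= practice, or "unknown" when none is found."""
    _, records = lookup("_adsp._domainkey." + domain, "TXT")
    for record in records:
        if record.startswith("dkim="):
            return record[len("dkim="):].strip()
    return "unknown"


def evaluate(author_domain, author_signed, check_existence=True):
    """Receiver-side result for one message, keyed on the From: domain."""
    if author_signed:
        return "signed"
    if check_existence:
        rcode, _ = lookup(author_domain, "MX")
        if rcode == "NXDOMAIN":
            return "nonexistent"
    return "adsp:" + adsp_practice(author_domain)


if __name__ == "__main__":
    for domain in ("example.com", "news.example.com", "mail.flooble.example.com"):
        print(domain, evaluate(domain, False), evaluate(domain, False, False))
```

With `check_existence=False` the forged subdomain falls through to `adsp:unknown`, the same result as a domain that publishes no practice at all.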
