From: Jon Kyme [mailto:jrk(_at_)merseymail(_dot_)com]
I think we also need a completeness indicator, so you can
say 'this is the complete set of my outgoing MTAs' or
'these are members of the set of my outgoing MTAs'.

OK, I'll bite. What's the advantage in listing only a proper subset?

If there is an authorization mechanism in place at the receiver
end you can still take the benefit of accreditation even though
you might not be able to guarantee that you were able to list out
every one of your legitimate edge email servers.

Right, but wouldn't a "wildcard" or universal record (with an accreditation
modifier) give you the same benefit?
Or even a "bare" accreditation assertion? (empty set)
What am I missing here?

It's not just the edge servers; it's all the many outsourced providers too
and all of their servers.

Here is a very long answer to this question. Let me know if amidst all
these words it's still not clear or if I have somehow missed the point you
are trying to make.

Partial listings make publishing much, much easier for both large and small
companies. Much of the discussion for spam solutions has focused on ease and
speed of deployment and DNS has been chosen as the publication medium
primarily for this reason. But, just publishing is not necessarily so easy,
as the ESPC technology committee tests have shown. We need to give careful
thought to the business process implications of the publication process,
because anything that requires significant business process changes will
encounter significant adoption delays.

Both very large and very small companies are likely to use a variety of
providers to send mail, and both groups will be slower to adopt if they can
only publish a complete record. One person at a small business most likely
knows the name and support phone number for all of their providers, but does
not have direct control over their DNS records (nor the skill and knowledge
to do anything if they did). Big companies run their own name servers, but
have a project on their hands just finding all the ways they send mail.

Small business hosting providers (who are usually the technical
administrator for the domain) will not publish MARID records for the client
mail servers they control if there is a good chance that tons of furious
customers will call them because now the mail they send out of the vertical
app (hosted elsewhere) or their email marketing (hosted elsewhere) is being
blocked. With subset publishing, the hosting provider can publish partial
records for everyone, and then tell their customers to go to some web page,
specify all their indirects, and mark their records as complete when they
are ready. This gets a lot more publication going a lot faster.

A large corporation that uses one brand but has many divisions, each with
its own marketing department, has the opposite problem: just finding all
their outsource providers isn't easy. Each marketing department operates
somewhat independently, and it's unlikely that anyone has been keeping track
of how they send mail. Yes, eventually this is exactly what needs to happen,
but "all or nothing" makes getting started a big project. Big projects in
big companies have long delays almost by definition. They could probably all
complete it faster if each department could just say "we're ready now,
here's our information". The faster every company gets started, the faster
you build the necessary critical mass.

You can't just solve the big company problem with "add a domain", because
the domain is a brand. There is probably written policy about its use.
Changing that policy is another, somewhat different big project. It's also a
bit of the tail wagging the dog to add sub domains (brand variants) to
accommodate email authentication. And, of course, the more quickly and
tightly and publicly the domain is tied to an email accreditation and
reputation, the more interested the brand protection teams will get
in policing the email in all those marketing departments. It's
ultimately in the best interests of the email commons for each sender to
use one or very few domains.