[Top] [All Lists]

Re: Mandatory From field, anonymity, and hacks

2004-07-26 20:16:52

Charles Lindsey wrote:
In <41011B42(_dot_)6070301(_at_)erols(_dot_)com> Bruce Lilly 
<blilly(_at_)erols(_dot_)com> writes:

And therein lies a problem, for that is not the intent of RFC 2026 in
making provision for a domain name for DNS testing purposes.

RFC 2026 is titled "The Internet Standards Process". Perhaps you meant RFC

Yes, a typo.

That says "can be used for private testing..., example in documentation,
DNS related experimentation, invalid DNS names, or other similar uses". I
think that is wide enough to cover the intended usage.

DNS experimentation and testing are different matters from deliberate
obfuscation (or worse).

In any case, would you prefer a poster to use

    From: Joe Doe <jdoe(_at_)REMOVE-THIS(_dot_)foo(_dot_)com>

(which involves a full DNS search each time someone tries to mail to it,
because DNS failures are never cached),

Well, I might be inclined to prefer using a fixed, guaranteed black-hole
valid address if somebody wants to set one up... but you haven't proposed
that or even acknowledged that there might be alternatives other than the
two that you mention...

    From: Joe Doe <jdoe(_at_)REMOVE-THIS(_dot_)foo(_dot_)com(_dot_)invalid>

which can be aborted at once without any DNS search at all?

Gack. NOOOOO!  Please tell me you didn't just say what I think you said!
In such a case, the only reasonable behavior is to query DNS for an MX
record for "" [*].  If you're suggesting that
software should recognize ".invalid" and avoid a DNS lookup, you are a
sinner; for penitence you must read the scripture of John (Klensin),
chapter 3696, verses 1, 2, and 6.  Seriously, if developers start hard-
coding ".invalid" into places where they should be querying DNS, that
completely negates the entire point of having a known invalid TLD *for*
*testing* -- short-circuiting the ability to test DNS by hard-coding
magic cookies is absolutely the wrong thing to do.  Please don't even
suggest doing so as a jest.

Now consider an alternative to either:
Subject: foo
Date: 1 Jan 2005 12:34:56 +0700

[body] I, Joe Doe, of Timbuktu (not to be confused with any other "Joe Doe"),
being of paranoid mind, do hereby write:  blah, blah, blah.

I.e. No From header field (and no Reply-To). No load on DNS at all. No
ability to reply via email, of course, but that is also the case with an
invalid address (and w/o the overhead and annoyance of attempts, bounces,
DSNs, etc.).  That is the proposal on the table.

* followed by MX queries for "", "com.invalid.", and
"invalid.".  Which is clearly one more query than would be required
w/o the ".invalid" suffix; so in answer to your question, yes, of the two
alternatives that you mention, and w/o consideration of any other
alternatives, I would prefer the version w/o ".invalid" as it places a
lesser burden on DNS.