SN> If the RMX matches the IP, it's a good bet the domain is not forged.
SN> If the RMX doesn't match, all bets are off.
One more case here--if RMX is present and doesn't match, the message is
definitely forged (or the system is misconfigured).
If the sender doesn't want to bother with RMX, he or she simply doesn't
post RMX records.
There is no legitimate situation where RMX is present and does not match
on a valid email.
AD> Used properly, RMX doesn't prevent anything. It simply allows the
AD> recipient MTA to make faster, better decisions about how to deal with
AD> the email.
SN> "used properly" aye - there's the rub.
SN> Draft-danisch-dns-rr-smtp-01.txt mentions that receiving servers
SN> are free to drop email that doesn't have an RMX record.
SN> That may be true, but IMO it isn't best practice.
Receivers are free to do anything they like with the email; I had pictured
RMX providing information to (for example) spamassassin.
SN> The questions I have are;
SN> What percentage of the people who use it will use it improperly?
SN> And what happens when it's used improperly?
If it's used improperly, then mail gets dropped--the same thing that
happens when the recipient's mail server or DNS is configured improperly,
or if its spam filter is too aggressive. Users complain, and the system
gets fixed.
RMX is about the least-complicated (and therefore least error-prone)
solution to this problem that I've seen, though. Do you know of other
solutions are less likely to be used improperly?
Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg