If SSP needs a new RR, it needs one out of the gate. Given that one
of its largest uses will be "this domain sends no mail", the ability
to wildcard across all one's non-existent subdomains would be rather
important, and you need a new RR to do that.
Isn't the lack of an A or MX record sufficient for non-existent
domains? Do we really need a new protocol to tell us a non-exitent
domain is dodgy?
The recent IAB doc points out that the most common use of wildcards is
for catchall MXes, for places that accept mail to any subdomain. But
just because you accept mail to every possible subdomain doesn't mean
that you send mail from every possible subdomain, so you'd need an SSP
record along with the MX at the wildcard to reject mail purporting to
be from them. You'd presumably put in explicit records for the
subdomains that do send mail.
Wildcards actually work pretty well for this purpose so long as you have
the RRs to put at the wildcard names.
Also, although you are of course right that it's extremely rare to get
legit mail from a domain that doesn't have an MX or an A, there's no
IETF standards track document I'm aware of that says that. If you
want people to reject mail purporting to be from your domain, you need
some way to tell them that.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html