From a DNS perspective I don't like MX . As it falls into the category
'folklore', it is an essentially undocumented feature of the infrastructure
known only to some.

From the perspective of DKIM goals I would be entirely happy to document and
make use of MX . as an interim measure.

In the longer term I would much prefer to see us defining a NOMAIL policy
within DKIM.

Putting it all together we have two options for publishing policy:

1) If your DNS server does not support new RRs
      Specify DKIM policy 'I always sign' using the prefix TXT record at
      specific nodes
      Specify NOMAIL policy 'I never send' using MX-dot (which can be
      wildcarded as normal)

2) If your DNS server does support new RRs
      Specify DKIM policy 'I always sign' using the prefix TXT record
      Specify NOMAIL policy 'I never send' using the prefix TXT record
      Use XPTR to address the wildcard issue wherever necessary

The administrative wildcard issue is mostly an issue with the newer DNS
servers. The DNS wildcard semantics were botched in the original RFC and there
being no strong interoperability driver every server implemented in a different
way.

The need for consistency only appeared with DNSSEC and that is when the
wildcard semantics were redefined. Most DNS servers offer a choice of the old
and 'standard' semantics. I don't think it should be too hard to persuade them
to support administrative wildcards, something we need regardless of DKIM.

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Saturday, June 02, 2007 11:53 PM
To: Untitled WG
Subject: Re: MX dot RE: [ietf-dkim] TXT wildcards SSP issues

On Jun 2, 2007, at 8:21 PM, Hallam-Baker, Phillip wrote:

> Steve,
>
> Could you expand on this somewhat?
>
> We may be able to push the beastly wildcard issue into touch
> altogether here.

I suspect not, but it's worth a try.

> What is the deployed base for MX . ?

I've no idea. I have a zone file and some survey code, but
haven't pointed it at that question yet - it may be time to
take a look.

> How widely is it recognized?

Fairly widely, I suspect, by spam filters that look for a
deliverable email address in the envelope from. All "MX ."
does is provide an invalid MX record that's easily recognized
as being intentional (similar to the .invalid pseudo-TLD in
many respects).

http://ietfreport.isoc.org/idref/draft-delany-nullmx/ is the
(expired) draft that formalizes the concept, and it was somewhere
between discussed and common knowledge for at least a couple of
years before it was drafted in '05.

> Used?

Not as widely as I thought, apparently. I'm not sure.

Cheers,
   Steve

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
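
Added example, not part of the original messages: a Python sketch of a receiver-side check that recognizes the wildcarded MX-dot from option 1, run against a constructed toy zone. The zone contents, the function names, the simplified wildcard matching (synthesis from the closest existing ancestor, never for a name that already exists) and the rule that only a lone "MX ." counts as NOMAIL are assumptions made for this illustration.

```python
# Constructed toy zone: owner name -> list of (preference, exchange) MX records.
# An empty list means the name exists but carries no MX (e.g. only an A record).
ZONE = {
    "example.com.": [(10, "mail.example.com.")],
    "mail.example.com.": [],
    "*.example.com.": [(0, ".")],        # wildcarded MX-dot: 'I never send'
    "www.corp.example.com.": [],         # makes corp.example.com. an empty non-terminal
}

def exists(name, zone):
    """A name exists if it owns records or has a descendant that does."""
    return any(owner == name or owner.endswith("." + name) for owner in zone)

def lookup_mx(qname, zone):
    """Return the MX RRset for qname, or None for a name error.

    Simplified wildcard handling (assumption): an existing name is never
    covered by a wildcard; otherwise the answer is synthesized from
    '*.<closest existing ancestor>' if that wildcard is present.
    """
    if exists(qname, zone):
        return zone.get(qname, [])
    labels = qname.split(".")            # 'a.example.com.' -> ['a','example','com','']
    for i in range(1, len(labels) - 1):
        encloser = ".".join(labels[i:])
        if exists(encloser, zone):
            return zone.get("*." + encloser)   # None when no wildcard sits there
    return None

def classify(domain, zone=ZONE):
    """Classify an envelope-from domain the way a filter might."""
    mx = lookup_mx(domain, zone)
    if mx is None:
        return "nxdomain"
    if not mx:
        return "no-mx"                   # receiver would fall back to address records
    if len(mx) == 1 and mx[0][1] == ".":
        return "nomail"                  # lone MX-dot: intentional 'never sends mail'
    return "mail"

if __name__ == "__main__":
    for d in ("example.com.", "ghost.example.com.", "a.b.example.com.",
              "mail.example.com.", "x.corp.example.com."):
        print(f"{d:24} {classify(d)}")
```

Note that x.corp.example.com. is not covered by the wildcard, because corp.example.com. already exists as an ancestor of www.corp.example.com.; gaps of this kind are one reason wildcard coverage needs checking name by name.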