ietf-dkim

Re: MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues

2007-06-07 10:34:34
Steve Atkins wrote:

> On Jun 7, 2007, at 1:34 AM, Hector Santos wrote:
>> The single DNS query syntax would be:
>>
>>     a.b.c.d.e.f.g.h.i.j.k._ssp.foo
>>
>> The result will depend on what this organization is going to define for policies at each level.
>
> By your reasoning, if presented with the hostname
> sales.demon.co.uk you would query for sales.demon.co._ssp.uk.
>
> That won't work. At all.
>
> Please, before making assertions about how DNS resolution
> should work, think about the basics of how DNS actually works.

For the record, have you tried it?

I have it prepared for my santronics.com zone file.

; default NOMAIL
*._ssp      0  TXT "v=dsap1.0; rr=0; op=; 3p=; fa=fail; fx=fail; fs=fail;"

; santronics.com OPTIONAL policy, no 3PS
_ssp        0  TXT "v=dsap1.0; sd=*; rr=0; op=optional; 3p=never; a=rsa-sha256; fa=fail; fx=fail; fs=fail;"

; always sign with corp.santronics.com
corp._ssp   0  TXT "v=dsap1.0; sd=corp; rr=0; op=always; 3p=never; a=rsa-sha256;"

; always sign with sales.santronics.com
sales._ssp  0  TXT "v=dsap1.0; sd=sales; rr=0; op=always; 3p=never; a=rsa-sha256;"

; always sign with europe.santronics.com
europe._ssp 0  TXT "v=dsap1.0; sd=europe.sales; rr=0; op=always; 3p=never; a=rsa-sha256;"

; never sign with public.santronics.com
public._ssp 0  TXT "v=dsap1.0; sd=public; rr=0; op=never; 3p=never;"

; never sign with list.santronics.com
list._ssp   0  TXT "v=dsap1.0; sd=list; rr=0; op=never; 3p=optional; 3pl=mipassoc.org"

Do the DNS query for the valid ones and fake subdomains, or no subdomains:

    NSLOOKUP -query=txt  SUBDOMAINS._ssp.santronics.com

You said it won't work "AT ALL." I would like to know why not? Every policy I want is defined including eliminating the ABUSE with a global NOMAIL record.

--
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
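
How an authoritative server would answer TXT queries for the owner names in the zone quoted above under the standard DNS wildcard rules (RFC 1034 section 4.3.3, clarified by RFC 4592), as an added example that is not part of the original message. It models only the records shown in the message; the status labels, the shortened record values and the sample query names are constructed for illustration.

```python
ORIGIN = "santronics.com"
# Owner names from the posted zone, fully qualified. Values are shortened to
# the op= tag (constructed summary, not the full TXT data).
TXT = {
    "*._ssp." + ORIGIN: "default NOMAIL",
    "_ssp." + ORIGIN: "op=optional",
    "corp._ssp." + ORIGIN: "op=always",
    "sales._ssp." + ORIGIN: "op=always",
    "europe._ssp." + ORIGIN: "op=always",
    "public._ssp." + ORIGIN: "op=never",
    "list._ssp." + ORIGIN: "op=never",
}

def parents(name):
    """Yield name, then each ancestor, stopping at the zone origin."""
    while True:
        yield name
        if name == ORIGIN:
            return
        name = name.split(".", 1)[1]

# A name exists if it owns a record or is an ancestor of one
# (an "empty non-terminal" in RFC 4592 terms).
EXISTS = {p for owner in TXT for p in parents(owner)}

def lookup_txt(qname):
    """Return (status, answer) for a TXT query against the modelled zone."""
    q = qname.lower().rstrip(".")
    if q != ORIGIN and not q.endswith("." + ORIGIN):
        return ("OUT-OF-ZONE", None)      # this zone is never consulted
    if q in EXISTS:                       # exact match: wildcards never apply
        return ("NOERROR", TXT[q]) if q in TXT else ("NODATA", None)
    # Closest encloser: the longest ancestor of the query name that exists.
    encloser = next(p for p in parents(q) if p in EXISTS)
    wildcard = "*." + encloser            # the only wildcard that may answer
    if wildcard in TXT:
        return ("NOERROR-WILDCARD", TXT[wildcard])
    return ("NXDOMAIN", None)

if __name__ == "__main__":
    for name in ("corp._ssp.santronics.com", "bogus._ssp.santronics.com",
                 "a.b._ssp.santronics.com", "x.corp._ssp.santronics.com",
                 "sales.demon.co._ssp.uk"):
        print(f"{name:32} {lookup_txt(name)}")
```

A wildcard is consulted only when its parent is the closest existing ancestor of the query name, so a name below an explicitly defined node such as corp._ssp is answered from that node's subtree and not from *._ssp.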