On Jun 9, 2007, at 5:42 PM, Hector Santos wrote:

> Douglas Otis wrote:
>> On Jun 9, 2007, at 1:51 PM, Hector Santos wrote:
>>> That said, some systems, such as our own, have a one attempt only
>>> for the "Implicit MX" rule. i.e. No MX -> A Lookup --> 1 attempt
>>> only.
>>>
>>> This past week alone we would have electronic mail communications
>>> fail with legit customers lacking MX records if this rule was
>>> enforced.
>>>
>>> I just can't see this happening. I will have to see snowballs
>>> fall from these South Florida skies before I would have our SMTP
>>> system changed.
>>
>> The concept is to first deprecate use of A records for discovering
>> inbound SMTP servers. After some period of time, then obsolete
>> the use of A records for this purpose.
>
> Well Doug, go ahead and propose it, write an I-D, see how it flies
> in IETF-SMTP. And while you are there see if you get the IMC.ORG
> to stop using MAIL.IMG.ORG as the return path domain WITHOUT an MX
> record.
>
> Using your concept, you effectively stopped all bounce mail back to
> their return path.

Hector,

You seem to have confused the concept of deprecate and obsolete. The
suggestion was to deprecate the use of A records for discovery. (As
in suggesting this will soon become obsolete.)

This suggestion will not cause mail.imc.org to cease functioning.
(Don't expect this field to be tested with respect to DKIM either.
Refusing a message due to a failure to confirm "proof of use" based
solely upon MX records would be far less disruptive than refusing to
discover a return-path using A records.)

Nothing can be done quickly. Any changes to email will take time.
Ideally, these changes will result in a cleaner and easier to manage
set of records. This goal would tend to exclude any type of wildcard
scheme. Searching up domains also generates a fair amount of
NXDOMAIN traffic.

The cleanest approach is to simply publish policy records adjacent to
MX records. Over time, this should be all that is needed. Those
being phished might wish to publish policy records adjacent to their
A records for the period of time it takes to obsolete A record
discovery. This would likely depend upon how likely A records are
used to spoof domains.

Those developing phishing filters which utilize DKIM can also readily
utilize policy information found adjacent to MX records. Much of
what needs to be stopped often can not be determined by email-
addresses within headers. The general appearance of a message body
along with a likelihood the From email-address can not be clearly
viewed is often how people are being fooled. A policy record next to
the MX record, even when only used to instruct anti-abuse message
filters, will go a long way in preventing much of the abuse without
becoming disruptive.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html