ietf-dkim

[ietf-dkim] Comment about SSP Draft - MX lookup requirement

2007-11-01 08:37:30
Overall, although I do have many comments about the SSP draft, there is really just 1 thing that sticks out.

Section 4.4, item 3:

 3.   The Verifier MUST query DNS for an MX record corresponding to
      the Originator Domain (with no prefix).  This query is made only
      to check the existence of the domain name and MAY be done in
      parallel with the query made in step 2.  If the result of this
      query is an NXDOMAIN error, the message is Suspicious and the
      algorithm terminates.

       NON-NORMATIVE DISCUSSION:  Any resource record type could be
       used for this query since the existence of a resource record
       of any type will prevent an NXDOMAIN error.  The choice of MX
       for this purpose is because this record type is thought to be
       the most common for likely domains, and will therefore result
       in a result which can be more readily cached than a negative
       result.

This just seems out of place for DKIM/SSP. The SMTP reality is that an MX may not be available and most production SMTP software will have logic or options for a specific NO MX rule:

      NO MX -> 1 or more A record lookup send mail attempts.

Also, even then, the SMTP software may be doing the MX lookup BEFORE the DATA state, which may pre-empt any need for an expensive DATA or bounce-attack potential POST SMTP operation. Therefore, item 3 should be an OPTION logic and it should be noted that this may very likely be performed PRIOR to any DKIM data points being available.

How did this get in the SSP specs anyway? I don't recall a "straw poll" for it.

We seem to have mixed two different "MAIL FILTER" concepts into one.

Unless we are outright claiming that all DKIM domains MUST have an MX record, I think this item should be revisited and hopefully removed. Systems are increasingly doing this in some kind of MX concept regardless of DKIM or SSP.

--
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
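
Added example, not part of the original message or of the SSP draft: a Python sketch of how the quoted step 3 and the "NO MX" rule read the same MX reply differently, since step 3 keys on the NXDOMAIN response code while SMTP routing keys on whether any MX records came back. The DNS messages, the name `example.org`, and all function names are constructed for illustration.

```python
import struct

RCODE_NOERROR, RCODE_NXDOMAIN, TYPE_MX = 0, 3, 15

def build_response(rcode, mx_answers, qname="example.org"):
    """Constructed wire-format reply to an MX query (sample data, not a capture)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, mx_answers, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    question = name + struct.pack("!HH", TYPE_MX, 1)
    rdata = struct.pack("!H", 10) + b"\x04mail\xc0\x0c"  # preference 10, mail.<qname>
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_MX, 1, 3600, len(rdata)) + rdata
    return header + question + rr * mx_answers

def parse_header(msg):
    """Return (rcode, answer_count) from a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    return flags & 0x000F, ancount

def ssp_step3(msg):
    """Quoted step 3: only NXDOMAIN marks the message Suspicious."""
    rcode, _ = parse_header(msg)
    if rcode == RCODE_NXDOMAIN:
        return "suspicious"
    # Other error codes are not covered by the quoted text (assumption: undetermined).
    return "continue" if rcode == RCODE_NOERROR else "undetermined"

def smtp_routing(msg):
    """The 'NO MX' rule from the message: an empty MX answer means try A records."""
    rcode, ancount = parse_header(msg)
    if rcode == RCODE_NXDOMAIN:
        return "no such domain"
    if rcode != RCODE_NOERROR:
        return "temporary failure"
    # Assumes every answer RR is an MX, true for the constructed samples here.
    return "use MX" if ancount else "fall back to A lookup"

SAMPLES = {
    "nxdomain": build_response(RCODE_NXDOMAIN, 0),
    "no MX, name exists": build_response(RCODE_NOERROR, 0),
    "MX present": build_response(RCODE_NOERROR, 1),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label:20} step3={ssp_step3(msg):11} smtp={smtp_routing(msg)}")
```
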
