ietf-dkim

Re: [ietf-dkim] Comment about SSP Draft - MX lookup requirement

2007-11-01 10:08:05
Hector Santos:
Overall, although I do have many comments about the SSP draft, there is 
really just 1 thing that sticks out.

Section 4.4, item 3:

  3.   The Verifier MUST query DNS for an MX record corresponding to
       the Originator Domain (with no prefix).  This query is made only
       to check the existence of the domain name and MAY be done in
       parallel with the query made in step 2.  If the result of this
       query is an NXDOMAIN error, the message is Suspicious and the
       algorithm terminates.

        NON-NORMATIVE DISCUSSION:  Any resource record type could be
        used for this query since the existence of a resource record
        of any type will prevent an NXDOMAIN error.  The choice of MX
        for this purpose is because this record type is thought to be
        the most common for likely domains, and will therefore result
        in a result which can be more readily cached than a negative
        result.

This just seems out of place for DKIM/SSP.  The SMTP reality is that 
an MX may not be available and most production SMTP software will have 
logic or options for a specific NO MX rule:

       NO MX -> 1 or more A record lookup send mail attempts.

Hector, 

As the text states, the above test does not require that the MX
record exists. It just requires that *something* exists. As long
as something exists, the result of MX lookup will be "no data" or
an MX record, but it won't be NXDOMAIN.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
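
The distinction drawn in the reply above, between NXDOMAIN and a "no data" answer to the MX query, shown as an added example that is not part of the original message or of the SSP draft. The function names, result labels and sample packets are constructed for illustration.

```python
import struct

RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3
TYPE_MX, CLASS_IN = 15, 1

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(name, rcode, mx_host=None):
    """Construct a minimal response to an MX query (sample data, not captured traffic)."""
    question = encode_name(name) + struct.pack("!HH", TYPE_MX, CLASS_IN)
    answer = b""
    if mx_host is not None:
        rdata = struct.pack("!H", 10) + encode_name(mx_host)  # preference + exchange
        # 0xC00C is a compression pointer back to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, TYPE_MX, CLASS_IN, 300, len(rdata)) + rdata
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, RCODE in the low four bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if answer else 0, 0, 0)
    return header + question + answer

def classify_mx_response(packet):
    """Apply the step-3 existence check to a raw DNS response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "suspicious"       # the name does not exist at all
    if rcode == RCODE_NOERROR and ancount == 0:
        return "exists-nodata"    # the name exists but has no MX record
    if rcode == RCODE_NOERROR:
        return "exists-answer"    # answer section is non-empty
    return "other-error"          # e.g. SERVFAIL; the quoted step does not cover this

if __name__ == "__main__":
    for label, pkt in [
        ("MX present", build_response("example.com", RCODE_NOERROR, "mail.example.com")),
        ("A-only domain", build_response("example.com", RCODE_NOERROR)),
        ("no such domain", build_response("nonexistent.example", RCODE_NXDOMAIN)),
    ]:
        print(label, "->", classify_mx_response(pkt))
```

Only the third sample is classified as Suspicious; a domain that receives mail through the NO MX fallback to A records falls into the second case.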
