ietf-dkim

Re: [ietf-dkim] name existence vs ASP

2008-03-03 15:40:09

On Mar 3, 2008, at 12:38 PM, John Levine wrote:

    What is the functional or security reason for verifying that
    the domain exists, in terms of ASP?

The short answer is in 3.2, where there's a different answer for "I
dunno" and "doesn't exist".

As I recall, it's always been that way, but that's a good question.

There's certainly plenty of reasons to be wary of mail with a return
address that doesn't exist, but baking that into ASP does feel like
mission creep, doesn't it?

If I recall the discussion correctly, it's that without that check the
absence of an ASP record was perceived to mean that the domain
owner permitted mail to be sent with that hostname.

Adding the check for existence of some record for the hostname means
that in order to deploy ASP the sender needs only provide a TXT record
corresponding to every hostname in use, not every conceivable hostname
(which is impossible to do in any useful manner with standard DNS
servers).

As a concrete example, there is no ASP record for
creditcard.billing.ebay.com, and without the domain existence check it
would be difficult for ebay to assert ASP-style policy over all their
domains.

Cheers,
   Steve

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
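The lookup the thread is arguing about, written out as a small model so the three outcomes (name does not exist, lookup failed, name exists but publishes no practices) can be seen side by side. This is an added example, not code from the list, the ASP draft, or any verifier; it uses an in-memory resolver with constructed zone data, and the `_asp._domainkey` label and `dkim=` tag syntax are assumptions based on the draft under discussion at the time, not a statement of what any published spec requires.

```python
"""Toy model of an ASP lookup with and without the domain-existence check.

Added example with a constructed, in-memory resolver (no network).
Assumptions: the practices record lives at _asp._domainkey.<domain> and
carries a "dkim=" tag, following the draft discussed in the thread.
"""

ASP_PREFIX = "_asp._domainkey."  # assumed label, per the then-current draft


class TempFail(Exception):
    """DNS lookup failed (SERVFAIL, timeout): the "I dunno" case."""


class NxDomain(Exception):
    """The name does not exist at all (rcode NXDOMAIN)."""


# Constructed zone data: name -> {rrtype: [rdata, ...]}
ZONE = {
    "ebay.com": {"MX": ["10 mx.ebay.com."]},
    "_asp._domainkey.ebay.com": {"TXT": ["dkim=all"]},
    # Exists as a hostname but publishes no practices record of its own.
    "creditcard.billing.ebay.com": {"A": ["192.0.2.10"]},
    "example.net": {"A": ["192.0.2.20"]},
    "_asp._domainkey.example.net": {"TXT": ["dkim=discardable; t=s"]},
}
# Constructed names whose lookups fail rather than answer.
TEMPFAIL_NAMES = {"flaky.example.org"}


def resolve(name, rrtype):
    """Return the rdata list for (name, rrtype); [] means NOERROR/NODATA.

    Raises NxDomain when no such name exists and TempFail on lookup failure.
    A name with descendants but no records of its own (an empty
    non-terminal such as billing.ebay.com) still exists, so it yields [].
    """
    name = name.rstrip(".").lower()
    if name in TEMPFAIL_NAMES:
        raise TempFail(name)
    if name in ZONE:
        return list(ZONE[name].get(rrtype, []))
    if any(other.endswith("." + name) for other in ZONE):
        return []
    raise NxDomain(name)


def parse_tags(txt):
    """Parse 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def asp_lookup(author_domain, check_existence=True, resolver=resolve):
    """Return (status, policy) for an Author Domain.

    status is one of:
      "nxdomain" - the domain does not exist (only with check_existence)
      "dunno"    - a DNS failure prevented an answer
      "policy"   - a practices record was found; policy holds its dkim= value
      "unknown"  - the domain exists but publishes no practices record
    """
    domain = author_domain.rstrip(".").lower()
    if check_existence:
        # Step 1: does the name exist at all? Any rrtype will do; only the
        # response code matters, so the MX query type here is arbitrary.
        try:
            resolver(domain, "MX")
        except NxDomain:
            return ("nxdomain", None)
        except TempFail:
            return ("dunno", None)
    # Step 2: fetch the practices record itself. A missing record is not an
    # error; it just means the owner has published nothing for this name.
    try:
        txts = resolver(ASP_PREFIX + domain, "TXT")
    except NxDomain:
        txts = []
    except TempFail:
        return ("dunno", None)
    for txt in txts:
        tags = parse_tags(txt)
        if "dkim" in tags:
            return ("policy", tags["dkim"])
    return ("unknown", None)


if __name__ == "__main__":
    for name in ("ebay.com", "creditcard.billing.ebay.com",
                 "nosuch.ebay.com", "flaky.example.org", "example.net"):
        print(f"{name:32} with check: {asp_lookup(name)}"
              f"  without: {asp_lookup(name, check_existence=False)}")
```

Run it and the point of the thread falls out of the last two columns: with the existence check, `creditcard.billing.ebay.com` (a real hostname with no record) and `nosuch.ebay.com` (an invented one) come back as "unknown" and "nxdomain" respectively, so ebay need only publish records for names it actually uses. Without the check both collapse to "unknown", and the only way to distinguish them would be to publish a record under every conceivable hostname.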