John Levine wrote:
As someone pointed out, you can interchange steps 1 and 2 in the
specification, putting the existence check first. And then, of course, you
can decide that the existence check is done outside ADSP. If the existence
check is removed, I would advocate putting in language that says an
existence
check SHOULD be performed before doing ADSP.
That seems reasonable. My objection (and I think also Dave's) is not that
it's a bad idea, but that it's not part of DKIM or ADSP.
Just to get this on the record, yes, I think it's out of scope, but in the
interest, I think it would be no worse than benign to have a non-normative
statement, along the lines of:
"In the absence of an ADSP record, attempted use of unregistered domain
names can be detected by querying the DNS for the domain name and treating a
returned NXDomain as an unauthorized use."
This provides the desired education without confusing things with ADSP and
without getting overly lofty about the wonderfulness of the mechanism.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html