On Tue, 15 Apr 2008 19:07:53 +0100, John Levine <johnl(_at_)iecc(_dot_)com>
wrote:
Really? Can you provide some examples of domains that use so many
subdomains for mail that it's impractical to cover the ones they use
individually? (Not counting wildcards, we know that's a swamp.) For
the domains I know, the mail comes from one or a handful of fixed
subdomains, and any random subdomain is bogus.
Wrong question. There may be umpteen subdomains that are not supposed to
send mail, but that does not prevent either a misinformed user or a
scammer creating a message with one of them in its From header. A verifier
that receives such a message needs to discover whether it was supposed to
have been signed or not, and if so by whom.
OK, please provide a list of such domains and we can special-case them.
The domain cs.man.ac.uk contains 1800 subdomains with A records. It so
happens that they all have MX records pointing to the official
departmental mail exchangers, but I doubt the admins for that domain will
relish the task of creating ADSP records for each of them (machines can
be added and removed on an almost daily basis). Fortunately, this tree is
only one level deep, so the 1-level trick built into our current draft
will cope.
Ned has posted an even worse example AIUI.
Well, no. If you will review prior messages, this argument was about
ADSP coverage of domains that don't exist. Covering domains that do
exist is straightforward, give or take the known wildcard problems.
But those wildcard problems have not gone away. AIUI, if MX records exist
they are solvable (so cs.man.ac.uk would be OK).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
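
The coverage question argued in this message, worked as an added example (not part of the original post and not code from the draft). It is a simplified model of a verifier's lookup with a one-level parent fallback as the message describes it; the zone `dept.example`, its host names and the two dictionaries are constructed, while the `_adsp._domainkey` record name and the `dkim=` tag follow the ADSP specification.

```python
# Simplified model of an ADSP lookup with a one-level parent fallback.
# All names and zone contents below are constructed for illustration.

PARENT = "dept.example"

# Names that exist in the constructed zone: the parent, 1800 hosts directly
# under it, and one host two levels down.
EXISTING = {PARENT, "pc.lab." + PARENT}
EXISTING |= {f"host{i}.{PARENT}" for i in range(1800)}

# A single ADSP TXT record, published at the parent only.
ADSP_TXT = {"_adsp._domainkey." + PARENT: "dkim=all"}


def parse_adsp(txt):
    """Return the value of the dkim= tag from a tag=value list."""
    for item in txt.split(";"):
        tag, _, value = item.strip().partition("=")
        if tag.strip().lower() == "dkim":
            return value.strip().lower()
    return "unknown"


def lookup_practice(author_domain, parent_levels=1):
    """Return (practice, domain_that_published_it) for a From: domain."""
    domain = author_domain.lower().rstrip(".")
    if domain not in EXISTING:
        return ("nxdomain", None)          # random subdomain: does not exist
    labels = domain.split(".")
    for up in range(parent_levels + 1):    # 0 = exact name, 1 = its parent
        candidate = ".".join(labels[up:])
        if "." not in candidate:           # never climb to a bare TLD
            break
        txt = ADSP_TXT.get("_adsp._domainkey." + candidate)
        if txt is not None:
            return (parse_adsp(txt), candidate)
    return ("unknown", None)


def covered_hosts():
    """Count existing names whose practice resolves to 'all'."""
    return sum(1 for name in EXISTING if lookup_practice(name)[0] == "all")


if __name__ == "__main__":
    for name in ("host17." + PARENT, "pc.lab." + PARENT, "bogus." + PARENT):
        print(name, lookup_practice(name))
    print("covered:", covered_hosts())
```

One record at the parent covers every host directly beneath it; a host two levels down falls back to "unknown" unless `parent_levels` is raised or a record is published closer to it.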