ietf-dkim

Re: [ietf-dkim] protecting domains that don't exist

2008-04-16 04:20:02
On Tue, 15 Apr 2008 19:07:53 +0100, John Levine <johnl(_at_)iecc(_dot_)com> 
wrote:

> Really?  Can you provide some examples of domains that use so many
> subdomains for mail that it's impractical to cover the ones they use
> individually?  (Not counting wildcards, we know that's a swamp.)  For
> the domains I know, the mail comes from one or a handful of fixed
> subdomains, and any random subdomain is bogus.

Wrong question. There may be umpteen subdomains that are not supposed to
send mail, but that does not prevent either a misinformed user or a
scammer creating a message with one of them in its From header. A verifier
that receives such a message needs to discover whether it was supposed to
have been signed or not, and if so by whom.

> OK, please provide a list of such domains and we can special-case them.

The domain cs.man.ac.uk contains 1800 subdomains with A records. It so
happens that they all have MX records pointing to the official
departmental mail exchangers, but I doubt the admins for that domain will
relish the task of creating ADSP records for each of them (machines can
be added and removed on an almost daily basis). Fortunately, this tree is
only one level deep, so the 1-level trick built into our current draft
will cope.

Ned has posted an even worse example AIUI.

> Well, no.  If you will review prior messages, this argument was about
> ADSP coverage of domains that don't exist.  Covering domains that do
> exist is straightforward, give or take the known wildcard problems.

But those wildcard problems have not gone away. AIUI, if MX records exist  
they are solvable (so cs.man.ac.uk would be OK).

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131      Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
