On Apr 24, 2008, at 11:23 AM, John Levine wrote:
Really? Can you provide some examples of domains that use so many
subdomains for mail that it's impractical to cover the ones they
use individually? (Not counting wildcards, we know that's a
swamp.) For the domains I know, the mail comes from one or a
handful of fixed subdomains, and any random subdomain is bogus.
OK, please provide a list of such domains and we can special-case
them.
Any domain with a lot of A records qualifies because you can't tell
whether they're using the subdomain "for mail" or not.
Just so I'm sure I understand you, you're claiming that DNS managers
are without exception so hostile and/or incompetent that they can
not set up ADSP records for the A records they manage. That's not
"would prefer not to", it's "can not". As JD pointed out a few
weeks ago, anyone using DKIM is going to need to manage new DNS
records anyway, so if your DNS managers refuse to install anything,
you're screwed no matter what ADSP says.
If you're saying this is the situation where you work, I belive you,
but I know it's not the case everywhere, and one set of
uncooperative DNS managers seems like a poor basis for casting a
permanent DNS kludge in
stone.
Agreed. Positive confirmation of specific record use (A or MX in
conjunction with ADSP records) also avoids issues related to wildcards
for records other than A or MX.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html