On Apr 30, 2008, at 12:49 PM, Steve Atkins wrote:
> You, of course, don't care because you know there's no hostname or
> MX record for mail.flooble.example.com, so no right-thinking
> recipient will consider it legitimate mail anyway.
Agreed.
The positive existence of SMTP related records is safer than reliance
on the lack of NXDOMAIN returned by some DNS transaction. NXDOMAIN
overlooks situations where wildcard records are used for unrelated
reasons, and where hostnames are obtained by methods outside of DNS.
Assume next year the XPTR concept becomes popular for securing SIP.
Due to the ADSP discovery algorithm's reliance on NXDOMAIN (and
therefore the presence of hostname records in DNS) protection might be
lost or critical exchanges might be prevented.
The positive existence of a record related to SMTP confirms a domain
regardless of the use of wildcards or DNS. ADSP should be declared as
pertaining to SMTP. A declaration that ADSP pertains to SMTP appears
to be the only safe path forward. While DKIM might be used by other
protocols, ADSP should be viewed as protecting SMTP exchanges to
establish a logical and safe framework.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
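The difference Doug describes, between a discovery step that treats a domain as existing unless DNS returns NXDOMAIN and one that requires a positive SMTP-related record, as an added worked example that is not part of the thread. The resolver, the zone data and the two check functions are all constructed here for illustration; the names `exists_by_nxdomain` and `exists_by_smtp_records` are hypothetical and do not come from any ADSP draft or implementation. The zone contains a wildcard TXT record at `*.example.com` published for an unrelated purpose, which is enough to make every name beneath `example.com` answer NOERROR (with no data) instead of NXDOMAIN.

```python
# Constructed example: a tiny in-memory DNS zone with RFC 1034-style wildcard
# synthesis, used to compare two ways of deciding whether an author domain
# "exists" before an ADSP-style policy lookup.

from typing import Dict, List, Tuple

RRset = Dict[Tuple[str, str], List[str]]  # (owner, type) -> rdata list


class FakeResolver:
    """Simplified authoritative resolver over a flat (owner, type) table."""

    def __init__(self, records: RRset):
        self.records = {(o.lower(), t.upper()): v for (o, t), v in records.items()}
        self.owners = {o for o, _ in self.records}

    def _exists(self, name: str) -> bool:
        # A name exists if it owns records or is an empty non-terminal
        # (some record lives beneath it).
        return name in self.owners or any(o.endswith("." + name) for o in self.owners)

    def lookup(self, name: str, rtype: str) -> Tuple[str, List[str]]:
        name, rtype = name.lower().rstrip("."), rtype.upper()
        if self._exists(name):
            return "NOERROR", self.records.get((name, rtype), [])
        # Wildcard synthesis (simplified RFC 1034 s4.3.3): the first existing
        # ancestor is the closest encloser; only a wildcard directly beneath it
        # can match the queried name.
        labels = name.split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            if self._exists(parent):
                wild = "*." + parent
                if wild in self.owners:
                    # Wildcard of any type makes the name exist: NOERROR, and
                    # no data unless the wildcard carries the asked-for type.
                    return "NOERROR", self.records.get((wild, rtype), [])
                return "NXDOMAIN", []
        return "NXDOMAIN", []


def exists_by_nxdomain(resolver: FakeResolver, domain: str) -> bool:
    """Existence test that relies on the absence of NXDOMAIN (any query type)."""
    rcode, _ = resolver.lookup(domain, "A")
    return rcode != "NXDOMAIN"


def exists_by_smtp_records(resolver: FakeResolver, domain: str) -> bool:
    """Existence test requiring a positive SMTP-related record: an MX, or an
    A/AAAA record that would serve as an implicit MX for the domain."""
    for rtype in ("MX", "A", "AAAA"):
        rcode, rrs = resolver.lookup(domain, rtype)
        if rcode == "NOERROR" and rrs:
            return True
    return False


# Constructed zone data (not real DNS): example.com carries a wildcard TXT
# record for some unrelated service, nowild.example has no wildcard at all,
# and web.example uses a wildcard A record for virtual web hosting.
ZONE: RRset = {
    ("example.com", "MX"): ["10 mail.example.com."],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("*.example.com", "TXT"): ["unrelated-service=1"],
    ("nowild.example", "MX"): ["10 mail.nowild.example."],
    ("mail.nowild.example", "A"): ["192.0.2.26"],
    ("*.web.example", "A"): ["198.51.100.10"],
}

RESOLVER = FakeResolver(ZONE)


def compare(domain: str) -> Tuple[bool, bool]:
    """Return (nxdomain_based_result, positive_record_result) for a domain."""
    return exists_by_nxdomain(RESOLVER, domain), exists_by_smtp_records(RESOLVER, domain)


if __name__ == "__main__":
    for d in ("mail.example.com", "mail.flooble.example.com",
              "nowhere.nowild.example", "mail.flooble.web.example"):
        nx, pos = compare(d)
        print(f"{d:28s} nxdomain-based={nx!s:5s} positive-record={pos}")
```

Running it shows the case from the thread: `mail.flooble.example.com` has no hostname or MX record, yet the NXDOMAIN-based test accepts it because the unrelated wildcard TXT record suppresses NXDOMAIN, while the positive-record test rejects it. Without a wildcard (`nowhere.nowild.example`) both tests agree. The last case is the limit of the positive-record approach: a wildcard A record published for web hosting makes `mail.flooble.web.example` a valid implicit-MX destination, so both tests accept it, which is consistent with Doug's point that a positive SMTP-related record confirms the domain regardless of how the wildcard came to be.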