On Apr 30, 2008, at 5:09 PM, Al Iverson wrote:
> I am not understanding what is revolutionary about an NXDOMAIN
> check. I see sites rejecting mail based on NXDOMAIN currently,
> regularly. I would even dare to call this an observable best
> practice. I would need to hear more on how it modifies SMTP and/or
> turns the universe on its ear -- I'm not yet convinced that it is as
> earth shattering as described.

NXDOMAIN represents the DNS RCODE 3 "Name Error" response. This code
is meaningful when returned by an authoritative DNS server and
represents a specific heuristic of DNS. For example, this code might
occur when a referral at an existing domain name contains a CNAME that
does not exist.

Keep in mind, it is possible to resolve hostnames locally without
dependence upon DNS. Resolving such SMTP clients locally might
represent _crucial_ services expected to function even when DNS is
unavailable. After all, DNS represents a potential target for DDoS
attack. The specific use of NXDOMAIN as an ADSP compliance/acceptance
test may interfere with alternative methods of resolving hostnames,
whether or not DKIM or ADSP is used by the SMTP client's domain. : (

NXDOMAIN protection also fails when wildcards are used. In addition,
NXDOMAIN requires ADSP records be placed at _every_ existing node,
rather than just those potentially supporting SMTP. Clearly, knowing
whether a domain might support SMTP offers far greater value than
knowing a node exists but may contain no resources, or none related to
SMTP.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
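
The two limits raised in the reply above (wildcards, and nodes that exist but carry nothing related to SMTP) can be reproduced with a small model of authoritative lookup. This is an added example, not part of the original message; the zone contents and function names are constructed for illustration, and the lookup is a simplified model of the name-existence and wildcard rules in RFC 1034 and RFC 4592.

```python
# Constructed zone data; all names sit under the reserved example.com domain.
NOERROR, NXDOMAIN = 0, 3  # DNS RCODE values; 3 is "Name Error"

ZONE = {
    "example.com": {"MX": ["10 mail.example.com"]},
    "mail.example.com": {"A": ["192.0.2.10"]},
    "printer.lab.example.com": {"TXT": ["inventory tag"]},  # no MX, no address
}
# Same zone with a wildcard that publishes only a TXT record.
WILD_ZONE = dict(ZONE, **{"*.example.com": {"TXT": ["catch-all"]}})

def node_exists(zone, name):
    """A node exists if it owns records or is an empty non-terminal."""
    return name in zone or any(owner.endswith("." + name) for owner in zone)

def lookup(zone, qname, qtype):
    """Return (rcode, records) as the zone's authoritative server would.
    Assumes qname lies inside the zone."""
    if node_exists(zone, qname):
        return NOERROR, zone.get(qname, {}).get(qtype, [])  # may be NODATA
    # Walk up to the closest existing ancestor, then try its wildcard child.
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if node_exists(zone, encloser):
            wildcard = zone.get("*." + encloser)
            if wildcard is not None:
                return NOERROR, wildcard.get(qtype, [])
            break
    return NXDOMAIN, []

def passes_nxdomain_test(zone, name):
    """Existence test discussed in the thread: anything but RCODE 3 passes."""
    rcode, _ = lookup(zone, name, "MX")
    return rcode != NXDOMAIN

def may_support_smtp(zone, name):
    """Narrower test: the name publishes MX or address records."""
    return any(lookup(zone, name, t)[1] for t in ("MX", "A", "AAAA"))

if __name__ == "__main__":
    for zone_label, zone in (("plain", ZONE), ("wildcard", WILD_ZONE)):
        for name in ("example.com", "lab.example.com", "nosuch.example.com"):
            print(zone_label, name, passes_nxdomain_test(zone, name),
                  may_support_smtp(zone, name))
```

In the plain zone only `nosuch.example.com` is rejected by the NXDOMAIN test; once the wildcard is present every name under `example.com` passes it, while the MX/address test still separates the names that could send or receive mail from those that could not.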