On May 22, 2008, at 9:03 AM, John Levine wrote:
> It's straightforward to check for a NXDOMAIN or NODATA result, but I
> see no reason to think that such a check has the semantics an ADSP
> user would want.
Reliance upon NXDOMAIN or NODATA precludes use of wildcards for _any_
record by _any_ other protocol.
> To touch on some of the issues (and try not to rehash them all), the
> majority of A and AAAA records don't name domains used in mail and
> you can't check short of sending a test message and waiting a week
> to see if it bounces, there are many ways a name can exist but again
> not for mail (what if there's just a TXT record), and any check we
> defined would just be wrong if, e.g., next year we make MX . the no-
> mail standard.
Why re-experience the lessons regarding opting-out for email? Opting
out is _not_ practical. Reliance upon "MX ." requires _all_ other
domains wishing to opt-out (perhaps to avoid transactions generated
looking for ADSP or DKIM keys) to publish bogus MX records targeting
the root.
> So I like Arvel and Wietse's approach, say to do it but don't try to
> define it since any definition would be wrong. Other thoughts?
Not defining the public protocol protected by ADSP would be wrong.
Once SMTP is defined as the protocol protected by ADSP, then checking
for A and MX records limits where ADSP is required and therefore
sought. Leaving this issue undefined and suggesting all domains could
publish ADSP or "MX ." already implies the use of SMTP! The goal is
not to _absolutely_ ensure SMTP is supported. The goal is to limit
the number of domains required to publish ADSP.
An approach requiring domains to opt-out does not scale! Mandating
inclusion of discovery records in conjunction with policy does. It is
simply not practical to extend an "opt-out" strategy. Imagine what
DNS would become once other protocols follow suit and also adopt an
"opt-out" strategy. A strategy that ADSP/SMTP should take would be to
require MX records to ensure the acceptance of public message
exchanges. Until such time as the MX mandate is adopted, at least limit
domains where ADSP is required to those that include A records. The
ADSP draft does just this.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
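The three "does this domain exist for mail?" rules argued over in the message above, as an added worked example that is not part of the thread and is not the algorithm of any ADSP draft: rule 1 treats anything but NXDOMAIN as existing, rule 2 treats "MX ." as an opt-out, and rule 3 requires a non-null MX, A or AAAA record. The zone data, the in-memory resolver and the function names are all constructed for this example so that it runs offline; the wildcard handling is a deliberate simplification of real DNS wildcard matching.

```python
"""
Added example (not from the thread or from any ADSP draft): compare three
candidate "does this domain exist for mail?" rules against a constructed
zone that contains the edge cases John raises (a TXT-only name, a wildcard
published for some other protocol, an "MX ." opt-out).
"""

NXDOMAIN = "NXDOMAIN"   # name does not exist at all
NODATA = "NODATA"       # name exists, but has no record of the requested type
NOERROR = "NOERROR"     # records returned


class FakeResolver:
    """In-memory stand-in for a DNS resolver (constructed for this example).

    zone maps an owner name to {rrtype: [rdata, ...]}.  A name whose leftmost
    label is '*' acts as a wildcard for every name beneath its parent.  This
    is a simplification of RFC 4592 wildcard rules, but it is enough to show
    why a wildcard for any record type makes NXDOMAIN disappear for a subtree.
    """

    def __init__(self, zone):
        self.zone = {name.lower().rstrip("."): rrsets for name, rrsets in zone.items()}

    def _lookup(self, name):
        if name in self.zone:
            return self.zone[name]
        labels = name.split(".")
        for i in range(1, len(labels)):
            wildcard = "*." + ".".join(labels[i:])
            if wildcard in self.zone:
                return self.zone[wildcard]
        return None

    def query(self, name, rrtype):
        rrsets = self._lookup(name.lower().rstrip("."))
        if rrsets is None:
            return NXDOMAIN, []
        if rrtype not in rrsets:
            return NODATA, []
        return NOERROR, list(rrsets[rrtype])


def exists_by_nxdomain(resolver, domain):
    """Rule 1: the domain exists unless DNS answers NXDOMAIN.  NODATA counts
    as existing, so a TXT-only name or a wildcard of any type passes."""
    rcode, _ = resolver.query(domain, "A")
    return rcode != NXDOMAIN


def exists_by_null_mx(resolver, domain):
    """Rule 2 (opt-out): every existing name is a mail domain unless it
    publishes a null MX ('MX 0 .')."""
    rcode, mx = resolver.query(domain, "MX")
    if rcode == NXDOMAIN:
        return False
    return not any(target == "." for _, target in mx)


def exists_by_a_or_mx(resolver, domain):
    """Rule 3 (opt-in discovery records): a name is a mail domain only if it
    has a non-null MX record or an A/AAAA record."""
    rcode, mx = resolver.query(domain, "MX")
    if rcode == NOERROR and any(target != "." for _, target in mx):
        return True
    for rrtype in ("A", "AAAA"):
        rcode, rrs = resolver.query(domain, rrtype)
        if rcode == NOERROR and rrs:
            return True
    return False


def classify(resolver, domain):
    """Apply all three rules to one domain and return {rule: verdict}."""
    return {
        "nxdomain": exists_by_nxdomain(resolver, domain),
        "null_mx": exists_by_null_mx(resolver, domain),
        "a_or_mx": exists_by_a_or_mx(resolver, domain),
    }


# Constructed zone data for the demonstration (not real DNS).
ZONE = {
    "example.com": {"MX": [(10, "mail.example.com.")], "A": ["192.0.2.1"]},
    "mail.example.com": {"A": ["192.0.2.2"]},
    "txtonly.example.com": {"TXT": ["some non-mail protocol"]},   # exists, never mails
    "nomail.example.com": {"MX": [(0, ".")]},                      # "MX ." opt-out
    "*.wild.example.com": {"TXT": ["wildcard for another protocol"]},
}

RESOLVER = FakeResolver(ZONE)

if __name__ == "__main__":
    for name in ("example.com", "txtonly.example.com", "nomail.example.com",
                 "anything.wild.example.com", "missing.example.com"):
        print(f"{name:28} {classify(RESOLVER, name)}")
```

Running it shows the split the thread is about: rules 1 and 2 both say the TXT-only name and every name under the TXT wildcard "exist" for mail, while rule 3 says no to all of them and only admits example.com; only a name with no records at all is rejected by every rule.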