
Re: [ietf-dkim] domain existence check

2008-05-22 17:55:20

On May 22, 2008, at 4:13 PM, Jim Fenton wrote:

> I agree that checking for the existence of MX, A, and/or AAAA
> records is a better approximation to those domains that use email
> than is mere existence (lack of NXDOMAIN).  There will of course be
> domains having A or AAAA records that don't use email, so even if we
> do the better check we don't know for sure that the From address is
> valid, although they could still publish an ADSP record.
>
> But the NXDOMAIN check is attractive in its simplicity, and it does
> cover the case where it isn't possible to publish an ADSP record
> (since the domain would then exist).

It would always be possible to publish an ADSP record within a domain
one controls?

> My question:  How many domains exist that don't have MX, A, and/or
> AAAA records?

When a domain publishes a single wildcard for reasons separate from
SMTP, DKIM, or ADSP, the number of domains that could result is about
1 x 10^74.  The number of valid email domains that do not have an MX
record represents a small percentage.  It might be worth the effort to
list these domains to create a white-list used in conjunction with an
MX record mandate for all new MTAs.  As indicated in the ADSP draft,
when DNS is attacked and fails to function, crucial SMTP clients
require their IP addresses white-listed to bypass ADSP requirements
during such an event.

> Is the additional coverage of these domains important, or is the
> NXDOMAIN check good enough?

Would requiring that every domain have an ADSP record published be  
good enough?

Checking for MX and A records offers a means to limit the number of
domains where ADSP records are required.  In addition, such an ADSP
check would offer valuable information even when an ADSP record is not
found.  Ensuring merit in the ADSP discovery process in the absence of
ADSP records seems rather critical for adoption.

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
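
The two existence checks compared in this thread, shown side by side as an added example (not code from either poster or from the ADSP draft). It runs against a constructed in-memory zone with simplified wildcard matching instead of live DNS; the zone contents and the function names are assumptions made for illustration.

```python
# Constructed zone data for illustration only (documentation names/addresses).
ZONE = {
    "example.com": {"MX": ["10 mail.example.com"], "A": ["192.0.2.1"]},
    "mail.example.com": {"A": ["192.0.2.25"]},
    "web.example.net": {"A": ["192.0.2.80"]},         # A record, no MX
    "*.wild.example": {"TXT": ["not mail related"]},  # wildcard unrelated to SMTP
}

def lookup(name, rrtype):
    """Return (rcode, rrset) from ZONE using simplified wildcard synthesis."""
    name = name.lower().rstrip(".")
    node = ZONE.get(name)
    if node is None:
        labels = name.split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            # The first existing ancestor is the closest encloser; only a
            # wildcard directly below it can synthesize an answer.
            if parent in ZONE or "*." + parent in ZONE:
                node = ZONE.get("*." + parent)
                break
    if node is None:
        return "NXDOMAIN", []
    return "NOERROR", node.get(rrtype, [])  # empty rrset means NODATA

def nxdomain_check(domain):
    """Simple check: the domain 'exists' unless the answer is NXDOMAIN."""
    rcode, _ = lookup(domain, "MX")
    return rcode != "NXDOMAIN"

def mail_rr_check(domain):
    """Stricter check: at least one MX, A or AAAA record is present."""
    return any(lookup(domain, t)[1] for t in ("MX", "A", "AAAA"))

def compare(domains):
    """Map each domain to (nxdomain_check result, mail_rr_check result)."""
    return {d: (nxdomain_check(d), mail_rr_check(d)) for d in domains}

if __name__ == "__main__":
    sample = ["example.com", "web.example.net",
              "nosuch.example.com", "anything.wild.example"]
    for domain, (exists, mail_rrs) in compare(sample).items():
        print(f"{domain:24} exists={exists!s:5} mx_a_aaaa={mail_rrs}")
```

The wildcard name is where the two checks disagree: every label under `wild.example` avoids NXDOMAIN, yet none has an MX, A or AAAA record.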