On May 22, 2008, at 4:13 PM, Jim Fenton wrote:
I agree that checking for the existence of MX, A, and/or AAAA
records is a better approximation to those domains that use email
than is mere existence (lack of NXDOMAIN). There will of course be
domains having A or AAAA records that don't use email, so even if we
do the better check we don't know for sure that the From address is
valid, although they could still publish an ADSP record.
But the NXDOMAIN check is attractive in its simplicity, and it does
cover the case where it isn't possible to publish an ADSP record
(since the domain would then exist).
It would always be possible to publish an ADSP record within a domain
one controls?
My question: How many domains exist that don't have MX, A, and/or
AAAA records?
When a domain publishes a single wildcard for reasons separate from
SMTP, DKIM, or ADSP, the number of domains that could result is about
1 x 10^74. The number of valid email domains that do not have an MX
record represents a small percentage. It might be worth the effort to
list these domains to create a white-list used in conjunction with an
MX record mandate for all new MTAs. As indicated in the ADSP draft,
when DNS is attacked and fails to function, crucial SMTP clients
require that their IP addresses be white-listed to bypass ADSP
requirements
during such an event.
Is the additional coverage of these domains important, or is the
NXDOMAIN check good enough?
Would requiring that every domain have an ADSP record published be
good enough?
Checking for MX and A records offers a means to limit the number of
domains where ADSP records are required. In addition, such an ADSP
check would offer valuable information even when an ADSP record is not
found. Ensuring merit in the ADSP discovery process in the absence of
ADSP records seems rather critical for adoption.
-Doug
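An added Python illustration of the two author-domain existence checks debated above (the plain NXDOMAIN test versus the MX/A/AAAA test) feeding an ADSP TXT lookup. It is not code from the list or from the ADSP draft; the resolver is replaced by a constructed in-memory zone, including a wildcard, so it runs offline.

```python
# Constructed model of the author-domain checks discussed in the thread.
# The lookup function is injected so the example runs offline; a real
# implementation would query DNS (e.g. with dnspython) instead.
from typing import Callable, Dict, List, Tuple

# Constructed zone data: name -> {rrtype: [records]}.  Absent name = NXDOMAIN.
FAKE_ZONE: Dict[str, Dict[str, List[str]]] = {
    "mail.example": {"MX": ["10 mx.mail.example"], "A": ["192.0.2.10"]},
    "_adsp._domainkey.mail.example": {"TXT": ["dkim=all"]},
    "web-only.example": {"A": ["192.0.2.20"]},      # exists, no ADSP record
    "txt-only.example": {"TXT": ["v=spf1 -all"]},   # exists, no mail records
    "*.wild.example": {"A": ["192.0.2.30"]},        # wildcard: any label resolves
}

NXDOMAIN, NODATA, OK = "NXDOMAIN", "NODATA", "OK"
Lookup = Callable[[str, str], Tuple[str, List[str]]]

def fake_lookup(name: str, rrtype: str) -> Tuple[str, List[str]]:
    """Simplified wildcard matching: try the exact name, then *.<ancestor>."""
    labels = name.split(".")
    candidates = [name] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for cand in candidates:
        rrsets = FAKE_ZONE.get(cand)
        if rrsets is not None:
            return (OK, rrsets[rrtype]) if rrtype in rrsets else (NODATA, [])
    return NXDOMAIN, []

def domain_exists_nxdomain(domain: str, lookup: Lookup) -> bool:
    """Weak check: the name exists at all (any rrtype; NODATA still counts)."""
    return lookup(domain, "A")[0] != NXDOMAIN

def domain_uses_mail(domain: str, lookup: Lookup) -> bool:
    """Stronger check: the name has an MX, A or AAAA record."""
    return any(lookup(domain, t)[0] == OK for t in ("MX", "A", "AAAA"))

def adsp_lookup(domain: str, lookup: Lookup) -> Tuple[str, object]:
    """Classify the author domain, then fetch _adsp._domainkey.<domain> TXT."""
    if not domain_uses_mail(domain, lookup):
        if domain_exists_nxdomain(domain, lookup):
            return "exists-no-mail-records", None
        return "nxdomain", None
    status, txts = lookup("_adsp._domainkey." + domain, "TXT")
    records = [t for t in txts if t.startswith("dkim=")]
    if status == OK and len(records) == 1:
        return "adsp", records[0]
    return "no-adsp", None   # Doug's point: this result must still be useful
```

The wildcard entry shows the case Doug raises: under `*.wild.example` every label passes both existence checks, so only the ADSP lookup itself distinguishes it from a real mail domain.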