ietf-dkim

Re: [ietf-dkim] requirement for one ADSP record per DNS entry is irrelevant

2008-05-27 07:34:50
John Levine wrote:

> a) Even if you believe this is a serious issue (which I don't, see
> point 2 below), the tree walk wouldn't be a solution.

First of all, this is a gross mischaracterization of what was in the 
document.  It was NEVER a tree walk, and I have said this before.  I 
would like to understand why you continue to propagate something that is 
blatantly wrong.

> Although I
> believe that there is at least one large vendor of network equipment
> whose DNS tree is very flat, that's not true in general, and there are
> plenty of large systems whose DNS tree is more than two levels deep.
  

That doesn't matter.  If there are more levels they are doubtless 
*orders* of magnitude less than the total number of host names.
 
> Since those systems would have to cover N-1 levels of their tree even
> if we had the tree walk,

Again a mischaracterization of anything that has been proposed.


> I don't see any reason to think that the
> software changes needed to cover N-1 levels of a DNS tree would be any
> easier than to cover N levels.
  

Show how this is relevant to anything.

> 2) The only reason I can see that one would need to cover every node
> in their DNS tree is a belief that other mail admins will assume that
> all of your subdomains inherit the reputation of your main domain.
> But who'd do that?  Is anyone really going to treat mail from
> bob@bay0-omc1-s21.bay0.hotmail.com or even
> bob@bay0.hotmail.com the
> same as bob@hotmail.com?

It's your-representative@unprotectedhostname.bank.com - where 
"your-representative" is actually your representative.  We can and 
should protect from that.

> This is to me the reddest of red herrings.
> Perhaps somewhere, somehow, there is some admin so stupid as to do
> that, but as I hardly need tell you, there's no hope of blocking every
> possible stupid mistake that someone else might make.
  

You are mistaken about who is trying to protect whom from what.  A 
corporation is trying to protect itself from misrepresentation by others 
to others.  And so by not being able to have a PARENT CHECK (which is 
distinctly not tree walking), the corporate admin is forced to have 
faith that someone else isn't stupid.  Worse, if that someone else *is* 
fooled, he or she is going to complain to that admin's management.

If a parent check is not appropriate we need something else that is.  
Perhaps someone who does think ADSP could be useful might provide an 
answer to this question.  One possibility would be to allow for the 
possibility that some of us want a parent check, and to allow for an 
option in the ADSP record to identify that attempt.

Eliot
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
