ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Domain Existence Check and Erroneous Abstract

2008-06-04 11:23:52
from [Douglas Otis] [Permanent Link] 

On Jun 4, 2008, at 9:14 AM, Dave Crocker wrote:


In the interest of accuracy:

  I have been probing some email receive-side folk, about their call- 
back or verification steps like this that they conduct.  Generally,  
the range of tests is of these types.

   Unfortunately, it is rarely based on the rfc2822.From field.  It  
is, instead, typically based on rfc2821.mailfrom.

So we need to be careful about assuming that any of these tests are  
likely to be "free".  In fact, one bit of feedback I got was  
explicit about these additional tests as costing too much.  They had  
tried and found they added too much delay.


Dave,

This touches a significant issue.  The rfc2822.From fields may contain  
addresses that will _not_ resolve any DNS resource records for  
protocols other than SMTP.  For example, Microsoft Exchange was  
initially based upon X.400 recommendations in the 1980s by the  
Consultative Committee of International Telephone and Telegraph  
(CCITT), now known as Telecommunications Standardization Sector of the  
International Telecommunication Union (ITU-T).  As a result, use of X. 
400 addresses means it is fairly common to find email-address domains  
that do not exist whatsoever within DNS.  An NXDOMAIN result with  
respect to an X.400 MS Exchange email-address is completely meaningless.

Although your attempt to better define the ADSP draft's abstract  
represents an improvement, this abstract still misses this extremely  
important point (made in the otis-dkim-adsp draft).  While DKIM might  
be used by many different protocols, it is _not_ practical to offer  
protection based upon the use of DNS for non-public exchange  
protocols.  Nor is it logical to assume that a domain will implement  
DKIM for _all_ exchange protocols, especially when DKIM becomes  
considered essential only for the public SMTP exchange.

With respect to ADSP, the WG must stop pretending ADSP can apply to  
protocols as broadly as DKIM might.  ADSP MUST be narrowly defined as  
only pertaining to SMTP message exchanges!  Otherwise, ADSP becomes  
disruptive when misapplied at an MUA accepting messages carried over  
different protocols.  MUAs might be able mitigate some disruption by  
making ADSP optional.  The optional nature of ADSP could apply to all  
messages handled by the MUA, or more ideally, as an exception limited  
to specific email-address domains.

-Doug 
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Discussion of Consensus check: Domain Existence Check, Dave Crocker
Next by Date:  Re: [ietf-dkim] Discussion of Consensus check: Domain Existence Check, J D Falk
Previous by Thread:  Re: [ietf-dkim] Discussion of Consensus check: Domain Existence Check, Dave Crocker
Next by Thread:  Re: [ietf-dkim] Domain Existence Check and Erroneous Abstract, Charles Lindsey
Indexes:  [Date] [Thread] [Top] [All Lists]