On Jun 9, 2008, at 3:38 PM, Jim Fenton wrote:
> Dave Crocker wrote:
>> So we need to be careful about assuming that any of these tests are
>> likely to be "free". In fact, one bit of feedback I got was
>> explicit about these additional tests as costing too much. They
>> had tried and found they added too much delay.
>
> In view of the fact that there is incremental cost, I would like to
> suggest that we change the SHOULD [check MX & A/AAAA] to a MAY.
> With that change, I'm happy with the text John proposes.

When the desire is to get the draft completed ASAP, eliminate it
having any domain validity check. When a domain validity check
becomes MAY, publishers cannot be assured of any sub-domain
protections anyway.

SMTP domain validity checks could be recommended in a separate draft
independent of ADSP. Adoption of a separate SMTP domain check
algorithm would reduce From address spoofing without DKIM or ADSP even
being involved. Since an SMTP domain check offers benefits on its
own, the SMTP domain validity check algorithm could be split out from
the ADSP draft and stand by itself.

As a safety matter, removal of ADSP sub-domain assertions is needed to
prevent an assumption that ADSP records should be discovered through
rather dangerous domain tree walks. There are too many SMTP clients
controlled by bad actors to allow adoption of ADSP to lead to a series of
transactions against parent domains. After all, such an outcome could
easily facilitate DNS DDoS attacks. ADSP should only offer the
specific publishing domain protections afforded by a practice statement.

-Doug