ietf-mxcomp

Wild card MXes

2004-05-24 20:35:57

Last week we were arguing about using a TXT record vs. using a new
MARID record type, and since _ep.*.foo.com doesn't work with existing
DNS servers, the question came up whether there's a lot of people
using wildcard MXes.

I checked around and there are indeed a lot of them.  Any scheme that
doesn't support wildcards will break a lot of existing mail systems
and make it impractical to deploy useful new ones.

One category is systems like Panix, which gives each of its users a
subdomain of the form user.panix.com.  Panix tells me that as you
might expect, this is more popular among experienced users, but the
ones who use it use it a lot.  They grepped the logs and found
thousands of messages per day and they're not a very big ISP.

A second category is bulk mailers who mail on behalf of other
companies and use domains of the form client.mailer.com on their mail.
The big ones like microsoft.m0.net use explicit records, but there are
mailers with thousands or tens of thousands of customers, and that'd
get awfully cumbersome without wildcards.

A third category is organizations with multiple divisions or locations
that use a single mail gateway.  For example, the Oklahoma DOT has an
MX for *.okladot.state.ok.us (along with some CNAMEs for shorter
addresses) that lets them filter all the mail in one place and then
use internal rules to route the mail to the various departments.

A fourth category is systems that encode a second domain to which mail
is to be forwarded in the domain.  If you have an account at
Mailshell, you can enter addresses into web forms like
foo(_dot_)contest(_dot_)alias(_at_)username(_dot_)mailshell(_dot_)com.
It forwards mail to that
address to you based on your username.  If the return address is
joe(_at_)foo(_dot_)com, it's rewritten when forwarded to you as
joe(_dot_)at(_dot_)foo(_dot_)com(_at_)foo(_dot_)contest(_dot_)alias(_dot_)at(_dot_)username(_dot_)mailshell(_dot_)com,
and if you
respond to that, the addresses are rewritten on the way back so the
correspondent sees only your mailshell.com address in the mail he gets
back.

All this shows that people really do use wildcards for mail.  I see
three ways to make this work with MARID:

a) define a MARID record type and tell people with strange firewalls
that can't deal with new record types to do MARID validation at the
gateway.  (This is a reasonable design, although I realize there are
plenty of unreasonable systems around.)

b) use TXT records in the same domain as the MXes, start them all with
a unique string that serves as a magic number, and hope that other
applications that use TXT records don't get too confused.

c) put TXT records in subdomains and tell people that use wildcards
that they'll have to use peculiar DNS servers to serve up their
_ep.*.domain TXT records.

Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
http://www.taugh.com
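
Added example, not part of the message above: a simplified model of standard wildcard synthesis (RFC 1034 section 4.3.3, RFC 4592) showing why a wildcard MX and a same-name TXT record (option b) answer for user.example.com, while a TXT record at _ep.*.example.com (option c) never answers for _ep.user.example.com. The zone name, record contents and function names are constructed for illustration; CNAMEs and delegations are ignored.

```python
# Simplified wildcard synthesis per RFC 1034 section 4.3.3 / RFC 4592.
# All zone data below is constructed for illustration.
ORIGIN = "example.com"
BASE = {
    ("*.example.com", "MX"): ["10 mail.example.com."],
    ("mail.example.com", "A"): ["192.0.2.25"],
}
# Option (b): policy TXT at the same owner name as the wildcard MX.
ZONE_B = {**BASE, ("*.example.com", "TXT"): ["constructed-magic policy"]}
# Option (c): policy TXT under a prefix label; the "*" is now an interior label.
ZONE_C = {**BASE, ("_ep.*.example.com", "TXT"): ["constructed policy"]}

def existing_names(zone):
    """Owner names plus the empty non-terminals between them and the apex."""
    names = {ORIGIN}
    for owner, _rtype in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:])
            if name.endswith("." + ORIGIN):
                names.add(name)
    return names

def lookup(zone, qname, qtype):
    """Return (records, status); status is exact, wildcard, nodata or nxdomain."""
    qname = qname.lower().rstrip(".")
    names = existing_names(zone)
    if qname in names:                      # an existing name is never wildcarded
        rrs = zone.get((qname, qtype), [])
        return (rrs, "exact") if rrs else ([], "nodata")
    labels = qname.split(".")
    for i in range(1, len(labels)):         # walk up to the closest encloser
        encloser = ".".join(labels[i:])
        if encloser in names:
            source = "*." + encloser        # only a leftmost "*" can synthesize
            if source not in names:
                return [], "nxdomain"
            rrs = zone.get((source, qtype), [])
            return (rrs, "wildcard") if rrs else ([], "nodata")
    return [], "nxdomain"

if __name__ == "__main__":
    for zone, q in ((ZONE_B, ("user.example.com", "MX")),
                    (ZONE_B, ("user.example.com", "TXT")),
                    (ZONE_C, ("_ep.user.example.com", "TXT")),
                    (ZONE_B, ("mail.example.com", "MX"))):
        print(q, "->", lookup(zone, *q))
```

The last query shows a related caveat: mail.example.com exists in the zone, so the wildcard MX does not apply to it.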

