[Top] [All Lists]

Re: Submission and SMTP SRV records

2004-03-17 15:00:59

On 3/17/04 at 10:13 AM -0500, John C Klensin wrote:

        * Getting to that server may, in practice, require
        either special authentication setups or running a tunnel
        to get to the server, a tunnel that might otherwise not
        be present.  The presence or absence of SRV information
        is not likely to be a big help with that so, for some
        cases, Keith's argument (as I interpret it) that enough
        hand-configuration is required that SRV doesn't solve
        enough of the problem to be worth the trouble may be
        very relevant.

Unless we solve the entire configuration problem (which I think is intractable), there will *always* be some hand configuration, whether that involves firing up a VPN tunnel on your OS (well below the layer that most MUAs worry about), entering your own e-mail address, or choosing the screen font to display menus in your MUA. None of those problems are addressed by a solution which finds a server based on an e-mail address. Keith's argument (as I read it) was not only that solving this one problem isn't worth it, but that it might actively cause harm. I don't think the relative value question is one we need to worry about; that's strictly a judgement call for those wanting to implement it. If such a solution causes harm *is* something we need to worry about, but I've seen no convincing argument that it would cause any harm.

        * You wrote in a later note... "Moreover, SRV "works" in
        more situations than all of the others. I mean, DHCP is
        pretty cool but it doesn't "work" when I'm dialing up
        from an airplane and getting "local" PPP (that changes
        every 300 miles) and no localized proxy gateway to my
        home server".  Well, I don't think that, on that
        airplane, the SRV model in the draft is going to work as
        expected either, at least unless your organization has
        an implementation of dynamic DNS that might be
        considered to go past the basic model of the DNS spec
        (giving you widely different answers based on the IP
        address range from which your query came) and had a
        fairly intimate relationship with the airline.  That is
        probably a case of the model outlined below, but need
        not be (and it raises a whole collection of trust

No, I think you've gotten this completely wrong. Dynamic DNS or intimate relationships with the airline have no bearing at all on the example. In the airplane case, my IP address might be changing a lot, my DNS servers and other information returned by DHCP might be changing a lot, but (assuming the protocol used in the draft) if my e-mail client is configured with an e-mail address of "presnick(_at_)qualcomm(_dot_)com", an SRV lookup for "" is going to return the same answer every time, no matter where in the world I'm connecting from and I'm going to connect to the same submission server every time.

It *would* be a problem if we were using the "I want a server on *this* network" model, but that isn't what's discussed in the draft.

More important, it isn't the only model. In today's network, where ACL restrictions on SMTP connections outgoing from particular subnets are common (I'm not suggesting that they are a good idea, only that they are common), it would make far more sense to support an inquiry for "submission server that I can reach from my address and that will accept my relay traffic".

Though there is a great deal of blocking of port 25 (or even worse, redirecting), I'm not sure blocking of 587 (or other submission ports) is a problem. I think "local submission server that will accept my relay traffic" is not a concept that's going to survive the latest wave of anti-spam maneuvers by ISPs. Furthermore:

That could, of course, be done with an SRV setup and a different style of query. Or it could, in principle and in many cases, be done with DHCP when (or after) the local host or gateway address is assigned (but no one I know of supports that either).

I think DHCP, and not SRV, would be the right way to handle such a case if one wanted to address that particular problem space.

I do think the ability to find "the submission server that goes with this domain name from this e-mail address" is going to be an increasingly widespread desire. Whatever the percentage may be, I'll bet it's on the rise.

Pete Resnick <>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102