John C Klensin wrote:
suppose that such a domain has DNS records as follows:
smtpout.example.com. AAAA ....
example.com. MX 0 smtpin.example.com.
stmpin.example.com. A ....
suppose also that the network that supports these hosts
has a network layer IPv6-IPv4 conversion gateway, a
gateway that makes its conversions at the packet layer,
invisible to SMTP.
Arrggh. Strike my comment trying to "improve" the proposed
SHOULD NOT, and strike my "IPv6 gateway considerations". :-(
I completely missed this "invisible" case.
The potential "IPv6" issues are really ugly. We're near to
a "MUST NOT IPv6 only" (but not exactly a "new" requirement
if it was always implied).
It does seem to me that it might be useful to add, possibly
to the Security Considerations section, a comment to the
effect that the tests required or prohibited by SMTP in
order to determine whether to reject or deliver mail and
questions about how far to push the robustness principle
in terms of what to accept and whether deviations that are
still considered deliverable should be evaluated in message
classification, are outside the scope of 2821bis.
IMO not discussing it would cause havoc when folks just try
to do the right thing, and miss a scenario like your example
in their considerations.
Outside of the security considerations we need a caveat or
note that the IP address of the client is not necessarily
the IP seen by the server, even if the obvious NAT cases are
excluded. [[ And that caveat has to be copied to 4408bis. ]]