ietf-smtp

Re: DNS VRFY (was: Somewhat OT: Re: rfc2821bis-03 Issue 35: remove source routes from example D.3)

2007-05-03 11:32:40


Hi David,

This reply is off-topic and is not related to the current rfc2821-bis
discussion.

At 19:58 01-05-2007, David F. Skoll wrote:

>Perhaps an RFC for querying whether or not an e-mail address is
>valid using DNS? :-)
>
>   host -t txt some.email.AT.example.com.email-verification-zone.example.com

This is an interesting idea.  How about:

host -t txt f098474401a124aa5a2738b6353e22da.example.com._vrfy.example.com

where f098474401a124aa5a2738b6353e22da is an MD5 hash of the email
address.  That's to avoid disclosing the actual email address.

Just off the top of my head:

(1) Case sensitivity. Domains aren't case sensitive but local parts can be
   at the whim of the domain administration. Case insensitive local parts
   would have to be upper- or lowercased prior to hashing.

(2) Subaddresses. Lots of sites support various forms of subaddressing, and
   when subaddresses are allowed they may provide users with the ability to
   place essentially arbitrary strings in the local part somewhere.

(3) Hash function agility. Recent experience has shown that hard coding a
   specific hash function in an application is a really bad idea. (MD5 in
   particular is sufficiently broken at this point that using it in any
   new application is essentially a nonstarter, but SHA-1 or even SHA-256
   should not be hard coded either.)

These issues can be addressed by adding in some additional domain-specific
information, possibly composed as a list of regexps plus an option setting or
two. Interestingly, the DNS actually provides a record for conveying exactly
this sort of information: The NAPTR record. I don't think the entire DDDS
mechanism described in RFCs 3402-3403 is needed here, but a careful profile of
NAPTR records which are then attached to _vrfy.example.com would be sufficient.

I think we can ignore domain literals here since there's no way to look
up an MX for a domain literal.

The hard part of this for some sites is going to be actually enumerating all
their valid addresses. Email address handlers are as a rule constructed around
the ability to determine if a given address is valid, which often is done
through a fairly complex series of checks and normalization operations. Systems
typically aren't as amenable to creating an exhaustive enumeration of all
possible valid addresses.

Queries for the zone can be restricted to the DNS server used by the
secondary MX.  It may not scale well for a site with a lot of email
addresses.  It should suit the needs of small and medium sites as
they can use their existing DNS infrastructure to implement it.

Really large sites already have their own backup mail servers, replicated
directories and multihoming solutions in place and hence are unlikely to be
interested in this. So yes, it does make sense to target this for small to
medium sized sites.

                                        Ned
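
The following is an added example, not part of the message above or of any specification: a sketch of how a client could build the `<hash>.<domain>._vrfy.<domain>` query name while handling the three points raised (case folding, subaddresses, hash agility). The `VrfyPolicy` fields, the allow-list, the `+` separator and the base32 label encoding are assumptions made for illustration; the thread only suggests that such settings could be published through a NAPTR profile.

```python
import base64
import hashlib
from dataclasses import dataclass

ALLOWED_HASHES = {"sha256", "sha512"}  # assumed allow-list; MD5 and SHA-1 left out

@dataclass(frozen=True)
class VrfyPolicy:
    """Hypothetical per-domain settings, e.g. as published in a NAPTR profile."""
    hash_name: str = "sha256"     # point (3): the hash is a parameter
    fold_local_case: bool = True  # point (1): fold case only if the domain says so
    subaddress_sep: str = "+"     # point (2): "" means subaddresses are kept

def canonical_address(address: str, policy: VrfyPolicy) -> str:
    """Normalize an address so every spelling of one mailbox hashes alike."""
    local, at, domain = address.strip().rpartition("@")
    if not (local and at and domain):
        raise ValueError("expected local-part@domain")
    if domain.startswith("["):
        raise ValueError("domain literals have no MX and are out of scope")
    if policy.subaddress_sep:
        local = local.split(policy.subaddress_sep, 1)[0]
    if policy.fold_local_case:
        local = local.lower()
    if not local:
        raise ValueError("empty local part after normalization")
    return f"{local}@{domain.rstrip('.').lower()}"

def vrfy_qname(address: str, policy: VrfyPolicy = VrfyPolicy()) -> str:
    """Build <hash>.<domain>._vrfy.<domain> for a TXT lookup."""
    if policy.hash_name not in ALLOWED_HASHES:
        raise ValueError(f"hash {policy.hash_name!r} not permitted")
    canon = canonical_address(address, policy)
    domain = canon.rpartition("@")[2]
    digest = hashlib.new(policy.hash_name, canon.encode("utf-8")).digest()
    # Hex SHA-256 is 64 characters, one over the 63-octet DNS label limit,
    # so use unpadded base32 and split long digests across labels.
    text = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    labels = [text[i:i + 63] for i in range(0, len(text), 63)]
    qname = ".".join(labels + [domain, "_vrfy", domain])
    if len(qname) > 253:
        raise ValueError("query name exceeds the DNS length limit")
    return qname

if __name__ == "__main__":
    # Constructed sample addresses for illustration.
    for addr in ("User+lists@Example.COM", "user@example.com"):
        print(addr, "->", vrfy_qname(addr))
```

Both sample addresses map to the same query name under the default policy, which is what lets a zone publish one record per mailbox rather than one per spelling.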
