[Top] [All Lists]

Re: current usage of AAAA implicit MX?

2008-04-07 19:58:27

On Apr 7, 2008, at 9:54 AM, Dave Crocker wrote:
John C Klensin wrote:
--On Sunday, 06 April, 2008 22:44 -0400 "Robert A. Rosenberg"
<hal9001(_at_)panix(_dot_)com> wrote:
Remember that the A-Fallback behavior is ONLY due to the needs (back in the 1980s)
Someone would need to check with Craig Partridge, but I believe that "only" (or "ONLY") in the above is not strictly correct. It may have been the primary reason, but, no matter how often "only" is repeated a desire to permit minimal configurations did, I am quite sure, figure in to the equation.

A side discussion about history might be interesting, but I'll suggest that it should not really be a factor for the current discussion. The reasons are:

1. It has a substantial installed base of use now.

SMTP without MX and only AAAA resource records is not widely deployed for public interchange.

2. There is a benefit in the feature, by virtue of reducing the effort to create and email receiving service, and in some environment the reduction is quite significant.

Standardizing on AAAA fallback when MX resource record do not exist will require those using IPv6-only hostnames to publish bogus MX resource records as a means to avoid undesired traffic SMTP now generates. Standardization on AAAA fallback is likely to attract this undesired traffic and further abuse of SMTP. The undesired traffic can be substantial, depending upon the nature of the spoofed email, where creating bogus MX resource records in response should not be seen as beneficial. This effort will increase the DNS zone sizes. Instances of IPv6 only SMTP lacking MX records and receiving public SMTP traffic is sure to represent a small minority of the number of hostnames in IPv6 address space.

A standardized default behaviour of AAAA fallback would also increase the overhead for those transmitting or receiving SMTP messages. This new fallback mode would necessitate an additional DNS transaction and greatly increase the pool of hostnames used for spoofing an originating domain. In addition, when the hostname with AAAA only records do not accept messages, it may take days and many transactions before this problem is reported. When a host is intended to act as a public SMTP server, publishing an MX record can be seen as offering an Opt-In strategy. As everyone knows, Opt-Out and email does not work.

3. It is not generally recognized as causing any problems now.

Spoofing of originating domain is extremely common. This strategy is already creating undesired traffic on servers not running SMTP. This traffic might be generated when spoofed messages are being returned as NDNs, or when receiving SMTP servers attempt to validate the domain of the message in question. When an MX is not found, a test might be performed by confirming a connection to port 25 is possible. When these IPv6 hostnames represent simple devices reporting the status of vending machines, hot water heaters, etc, the undesired traffic created by the standardization of AAAA fallback may be enough to make these devices inoperable. SMTP needs to play well with other protocols.

What we need to do with this thread is end it.

End the denial that standardizing AAAA fallback for SMTP is not a substantial architectural change. Depending upon the AAAA fallback mode of operation is also less likely to provide inter-operation, the goal of standardization.