ietf-smtp
[Top] [All Lists]

Re: Do domains in SMTP have to exist ?

2008-04-12 16:15:01



--On Saturday, 12 April, 2008 16:23 +0000 John Levine
<johnl(_at_)taugh(_dot_)com> wrote:

Hi.  I have a new niggly question.

Over in DKIM land there is a battle going on with respect to
the treatment of domains that don't exist, with "don't exist"
meaning something like an authoritative DNS server doesn't
return an MX or A or AAAA or CNAME for the name.

Looking through the current draft, it looks to me like everyone
assumes that domain names have to exist, with the explicit
exception of the HELO/EHLO name, but it never says so in so
many words.

Is this a deliberate omission, or is it so obvious that it
wasn't worth stating explicitly?

John,

I think this goes to the core of the disagreement you summarized
in a recent note.    The spec definitely doesn't say "we expect
you to check those FQDNs to be sure that the return something.
Obviously, as you note, it doesn't prohibit that check either.  

There is also a question of just what "existing" means, i.e.,
how far one should pursue a validity test.   In particular if a
mail command (other than EHLO/HELO) includes an FQDN for
foo.example.com and there is a DNS record of 
    foo.example.com.  IN MX 5 bar.example.com.
and no other records for foo.example.com, does bar.example.com
have to exist and be associated with an address record in order
for us to believe that foo.example.com exists?

With the understanding that we disagree about parts of the
model, if I look at this in robustness principal terms, I
suppose one would have to say to anyone passing a domain name
across the interface that they really ought to be sure it is
valid but to a receiving entity that they should not get more
upset than necessary if it isn't.   And then Frank and I, and
probably you and I, could disagree about what is necessary.
    
And, of course, if one really wanted to require a domain name
that points to something that runs an SMTP server and wants to
receive mail, then one would almost certainly want to deprecate
address literals because they would no longer make any sense.

But one then ends up back at the issue that Ned raised some
weeks ago (at least if I understood his comment), which is that
we've got email senders and receivers that, by prior agreement
and for perfectly good reasons, ignore whatever MX records might
be present and reach each other directly by addresses (whether
they explicitly use the DNS to find those addresses or not).

Given that train of reasoning, I think you should assume that
the omission was deliberate, whether it actually was or not.

    john