[Top] [All Lists]

Re: Queued Mail or Unreturnable Mail?

2008-05-05 00:38:17

On May 3, 2008, at 4:01 PM, Frank Ellermann wrote:

John Leslie wrote:

My personal inclination is to declare "guessing" out of scope for returning DSNs. We already know that not every domain wants them. Declaring that one MUST send them even when the receiving domain has not expressed an interest in receiving them leads to known problems _today_. It would be good, IMHO, to have a clear way to declare an interest in receiving them, or _not_ receiving them

That is a solved problem for senders and receivers participating in SPF, a PASS means "yes, please inform me about delivery issues as specified in 2821bis".

A FAIL means "please reject at your border, a (wannabe) originator as indicated in the reverse-path is likely not the real originator, and where that is not the case it is a problem to be solved by the hop before you (forwarder or simply an erroneous policy), not your problem".

No guessing involved for PASS and FAIL.

Mention of SPF should be accompanied with security admonishments not to expand evaluation macros. The sequence of transactions that might be needed to retrieve SPF authorization lists may not end guessing, since these lists are often incomplete and allow NEUTRAL or SOFT-FAIL results. Such results are easily exploited. SPF's use of generic TXT records at base domains is unlikely to completely transition to the service specific resource record, and will conflict with future protocols and revisions.

Since a large percentage of domains accepting SMTP connections already publish MX records, expecting MX for acceptance eliminates publishing or retrieving other SMTP related records within sub-domains lacking MX records. Such an expectation offers domains not publishing MX records substantial protection from undesired connections and subsequent DNS transactions otherwise necessary to support SMTP and various SMTP extensions. In addition, invalid return-paths can be immediately deduced within a single transaction. The transmitter of the message must be expected to offer succinct evidence of a valid return-path.

Transactions pertaining to acceptance of anonymous initiations of personal messages should be limited to domains publishing resource records explicitly supporting the exchange protocol. This practice become increasingly important to limit the level of undesired traffic expended by a distribution of receivers. For SMTP, the resource record would be MX.