[Top] [All Lists]

Re: Email System Model

2009-05-22 09:57:45

ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:
Externally administered backup MXes run into backscattering because they don't maintain a copy of the users database.

Some don't, many do.

Hm... would you expand on that, please? I browsed a few backup MX providers (DydDNS, ZoneEdit and Mailfail) and saw no evidence that they do.

You're looking at commercial backup provision services. Historically this isn't how backuup MX arrangements have worked. Most of them are simply one small site helping out another. In such cases providing a copy of your address list often isn't a big deal.

Offering backup MX services to a 98+% uptime server didn't require much resource allocation, at the time. Holding a cache copy of the users database may be slightly heavier.

In fact there's even a suggested protocol for it. I don't recall the draft
name, but it works by putting the address list in the DNS. You then use zone transfer to move the data around and keep it up to date.

I only found "Minger", Expires: January 9, 2009
In short, it provides an UDP-based security-enhanced alternative to VRFY, and uses no DNS. It might have worked, but would have required a backup minger server...

in principle, users should be aware of what organizations take part in managing their data. Currently, that info is relegated to a non-machine readable ISP's policy page, if any.

That's ... idealistc, I must say. I doubt very much if most administrators agree that simply the list of active addresses, with no additional attached data whatsoever, in their domains have such serious privacy implications.

Serious or not, it is what privacy laws require in several countries. While a policy page is enough for the law, I think privacy concerned users would appreciate the ability to retrieve the effective list of servers where their email addresses are stored. I agree it's an idealistic wish, and it will probably remain that way until some marketing function will say otherwise.

The rule to strip subaddresses is a good point. Apparently, a regex might suffice,

At one point I suggested using NAPTR records as part of the address
distribution protocol for secondaries in order to get exactly this effect.

Is it practical to use DNS at all for this purpose? Why not LDAP, SQL, rsync, or ...? Regexes could also be passed along with other metadata, such as agreements on DNSBLs, whitelists, etcetera (and what of that can be overridden by per-user flags.)

<Prev in Thread] Current Thread [Next in Thread>