ietf-smtp

Re: [ietf-smtp] MTS-STS validation when MX host points to a CNAME, violating RFC 2181 § 10.3

2021-04-04 11:40:49
On Apr 4, 2021, at 11:58 AM, Sam Varshavchik 
<mrsam(_at_)courier-mta(_dot_)com> wrote:

> The specification's audience is mostly SMTP implementations. But the onus on
> complying to this requirement is on the owners and operators who configure
> their domains. And in the context of setting up and installing their DNS
> records, there's nothing wrong with installing a CNAME for an MX target.

This is it in a nutshell.  MTAs in fact (continue to) support CNAME-valued
MX exchange hosts, and users don't expect to run into any issues.  So the
prohibition in 5321 is largely unexpected to them.

The fact that the overwhelming majority of domains have MX hosts that are
not CNAMEs is partly a result of concentration: a small number of MX hosts
serve a large number of domains, and partly the fact that MX indirection
entirely obviates the need for separate CNAME indirection:

 example.org. IN MX 0 mx.example.org.
 mx.example.org. IN CNAME smtp.provider.net.

Why on earth not just:

 example.org. IN MX 0 smtp.provider.net.

And yet, through ignorance, fashion or oddity of tooling, this is
marginally popular.  Complexity only sets in when implementations need
to choose reference identifiers for TLS, and perhaps don't think it
through carefully enough.  So in combination with MTA-STS and DANE,
CNAME handling gets a bit more error-prone.

So I think that users SHOULD avoid the CNAMEs, and yet MTAs should
do their best to work anyway.

-- 
        Viktor.

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
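An added example, not part of the thread: a small checker that walks the MX exchanges of a domain over a constructed in-memory zone, follows any CNAME chain on each exchange, and reports which name an MTA-STS implementation should keep as the TLS reference identifier (the MX exchange as published, per RFC 8461) while flagging the CNAME-valued exchanges Viktor describes. The zone contents, names and the `MAX_CNAME_DEPTH` limit are assumptions made for the example; DANE has its own CNAME rules in RFC 7672 and is not modelled here.

```python
# Added example (not from the thread): flag CNAME-valued MX exchanges and show
# which name the MTA-STS side should treat as the TLS reference identifier.
# The zone below is constructed; nothing is looked up on the network.
MAX_CNAME_DEPTH = 8  # assumed cap, also catches CNAME loops

# Constructed zone: owner name -> {rrtype: [rdata, ...]}
ZONE = {
    "example.org.":       {"MX": [(0, "mx.example.org.")]},
    "mx.example.org.":    {"CNAME": ["smtp.provider.net."]},
    "smtp.provider.net.": {"A": ["192.0.2.25"]},
    "example.net.":       {"MX": [(10, "smtp.provider.net.")]},
    "a.loop.example.":    {"CNAME": ["b.loop.example."]},   # deliberate loop
    "b.loop.example.":    {"CNAME": ["a.loop.example."]},
}

def canonicalize(name, zone=ZONE):
    """Follow CNAMEs from name; return (canonical_name, chain_of_aliases)."""
    chain = []
    while "CNAME" in zone.get(name, {}):
        if len(chain) >= MAX_CNAME_DEPTH:
            raise ValueError("CNAME chain too long: " + " -> ".join(chain))
        chain.append(name)
        name = zone[name]["CNAME"][0]
    return name, chain

def check_mx(domain, zone=ZONE):
    """One dict per MX exchange, in preference order. reference_id is the MX
    hostname as published: RFC 8461 matches the MTA-STS policy 'mx' patterns
    and the server certificate against that name, not the CNAME target."""
    results = []
    for pref, exchange in sorted(zone.get(domain, {}).get("MX", [])):
        canonical, chain = canonicalize(exchange, zone)
        warning = None
        if chain:  # RFC 5321 / RFC 2181 section 10.3: MX must not be a CNAME
            warning = ("MX exchange %s is a CNAME for %s; keep %s as the "
                       "MTA-STS reference identifier" %
                       (exchange, canonical, exchange.rstrip(".")))
        results.append({"preference": pref, "exchange": exchange,
                        "reference_id": exchange.rstrip("."),
                        "canonical": canonical, "cname_chain": chain,
                        "warning": warning})
    return results

if __name__ == "__main__":
    for d in ("example.org.", "example.net."):
        for r in check_mx(d):
            print(d, r["exchange"], "->", r["canonical"], r["warning"] or "ok")
```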
