On 2021-04-04 18:00, John C Klensin wrote:
> But the bottom line here, as John and others have suggested, is
> that the right answer to the question in the subject line is
> that an SMTP sender encountering an MX record whose DATA points
> to a CNAME (or anything other than an address record) should
> just treat the message as undeliverable, a popular
> implementation or two notwithstanding. And worrying about
> validating the clearly invalid just does not make a lot of sense.

Shouldn't an MTA-STS validator do *exactly* what RFC8461, section 4.1
says: if the *MX record name* matches one or more of the "mx" fields in
the applied policy, a receiving candidate MX host is *valid* according
to an applied MTA-STS Policy? And thus, MX Host Validation passes, even
if the MX record itself is otherwise invalid. Match the MX record name
against "mx" fields in the applied policy. That's it. Conditions to pass
validation here are exhaustive, not inclusive, even if a Sending MTA
honoring MTA-STS might not like that, and even if it wants to be less
liberal or whatever. Exhaustive conditions were met -- validation
passed.
--
Regards,
Kristijonas
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
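
The MX host validation step from RFC 8461, section 4.1 that the message refers to, written out as an added example that is not part of the original post or of any MTA's code. The function names and the sample policy are constructed for illustration, and hostnames are assumed to be ASCII (A-label) form.

```python
# Added illustration of RFC 8461 section 4.1 "MX Host Validation".
# All names and the sample policy below are constructed for this example.

def parse_policy(text):
    """Parse an MTA-STS policy body; every 'mx' field is collected in a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank or malformed line
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy[key] = value
    return policy

def normalize(name):
    """Case-insensitive comparison form without the trailing root dot."""
    return name.strip().rstrip(".").lower()

def mx_pattern_matches(pattern, mx_name):
    """Compare one 'mx' field with an MX record name.

    '*' may stand only for the entire left-most label, so '*.example.net'
    matches 'mx1.example.net' but not 'example.net' or 'a.b.example.net'.
    """
    pattern, mx_name = normalize(pattern), normalize(mx_name)
    if pattern.startswith("*."):
        head, sep, rest = mx_name.partition(".")
        return bool(head) and bool(sep) and rest == pattern[2:]
    return pattern == mx_name

def mx_host_valid(policy, mx_name):
    """True if the MX record name matches one or more 'mx' fields.

    Only the name is compared; no DNS lookup is made on the MX target.
    """
    return any(mx_pattern_matches(p, mx_name) for p in policy["mx"])

# Constructed sample policy, in the key/value form RFC 8461 defines.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.net
max_age: 86400
"""

def valid_candidates(policy, mx_names):
    """Keep only the MX record names that pass MX host validation."""
    return [n for n in mx_names if mx_host_valid(policy, n)]
```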