While this response may be a bit late, the change in section 5.1
indicating SMTP server discovery now explicitly supports IPv6 address
records represents a significant change from RFC2821.
While a desire to retain current practices has some justification,
extending an already dubious and archaic practice to the explicit use
of IPv6 raises significant questions.
The level of misuse afflicted upon SMTP often results in an
exploration of DNS SMTP discovery records to determine whether a
purported domain might be valid in the forward direction. To remain
functional, reverse DNS checks are often avoided due to the poor level
of maintenance given this zone. A move to deprecate A records for
discovery when performing these checks to ascertain domain validity
would favourably impact the level of undesired transactions. To
combat rampant domain spoofing, some domains also publish various
types of SMTP related policy records. To counter problems related to
wildcard policy records, a lack of policy may be conditioned upon
presences of possible SMTP discovery records.
Adding IPv6 to the list transactions needed to qualify SMTP domains
that is predominately triggered by geometrically growing levels of
abuse or misuse appears to be a remarkably poor choice. To suggest a
domain might reply upon this mechanism again appears to be remarkably
poor advice. Reliance upon a communication system should not be
predicated upon such a questionable mechanisms. During the next
disaster, would you want FEMA to not use MX records or to depend upon
IPv6 address records? Not including IPv6 as a discovery record would
better protect networks in the face of growing misuse of SMTP while
also better ensuring the integrity of SMTP.
-Doug
_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf