On Mar 20, 2008, at 3:30 PM, John C Klensin wrote:

> --On Friday, 21 March, 2008 09:03 +1100 Mark Andrews
>
> > I think Doug is saying don't let domains with just AAAA
> > records be treated as valid RHS of email. Today we
> > have to add records to domains with A records to say that
> > these are not valid RHS of email. With MX synthesis
> > from AAAA you create the same problem for domains with
> >
> > user@<A record owner>
> > user@<MX record owner>
> > user@<AAAA record owner> * don't allow this.
>
> With the understanding that this is just my personal opinion (as
> editor, I'll do whatever I'm told) _and_ that I'm personally
> sympathetic to phasing out even the A record implicit MX...
>
> It seems to me that 2821bis is the wrong place to try to fix this,
> especially via a comment posted well after the _second_ Last Call
> closed. The current phrasing is not an oversight. It was
> explicitly discussed on the mailing list and this is the behavior
> that people decided they wanted.

In the past you had made several comments that RFC2821bis would not
change SMTP, and you had also stated that AAAA records were NOT
defined as SMTP server discovery records. (Not in those words of
course.) It does not appear this change was your choice, but
nonetheless and surprisingly this unfortunate change is now being made.

The "update" of RFC2821 is making a _significant_ architectural change
to SMTP by explicitly stating AAAA records are within a list of SMTP
server discovery records. This change represents a poor architectural
choice since this _will_ increase the burden on networks being spoofed
by abusive email. Due to high levels of abuse, confirming validity of
email domains by checking for discovery (A and MX) records in the
forward DNS zone often replaces an alternative of checking PTR records
in the in-addr.arpa reverse DNS zone. The reverse zone suffers from
poor maintenance where its use creates a sizeable burden for
recipients. RFC2821bis now adds AAAA records to a list of records
that must be checked to disqualify public SMTP server domains within
the DNS forward direction. This change adds to the transactional
burdens already headed in the wrong direction. It would seem a sound
architectural change would be to deprecate A records as a means to
qualify domains for message acceptance, but RFC2822bis adds AAAA
records instead. This situation becomes considerably worse when
domain tree walking or wildcards are then preferred over checks
against discovery records.

It was not my intention to post this after last call, but this only
came to my attention recently. For that I am sorry; nevertheless, this
issue may deserve greater consideration.
IETF mailing list
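As an added illustration (not code from the thread or from any of its authors), the following Python models the implicit-MX rule both ways: RFC 2821's MX-then-A and the 2821bis MX-then-A-or-AAAA behaviour the messages above argue about, run against constructed in-memory records. The zone names, the `Result` type and the query counting are assumptions made for the example; treating `MX 0 .` as an opt-out is the null-MX convention later standardized as RFC 7505, not something the thread defines. It shows both points raised above: a domain with only an AAAA record becomes an acceptable RHS, and a receiver that validates sender domains through forward lookups now has a third record type to query before it can reject.

```python
"""Implicit-MX resolution for the right-hand side of a mail address, modelled
two ways: RFC 2821 (MX, else A) and the 2821bis text discussed in the
thread (MX, else A or AAAA).  All DNS data is constructed and in-memory."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed zone data for the example (not real DNS): name -> rrtype -> rdata.
ZONE: Dict[str, Dict[str, list]] = {
    "mx-only.example":   {"MX": [(10, "mail.mx-only.example")]},
    "a-only.example":    {"A": ["192.0.2.10"]},
    "aaaa-only.example": {"AAAA": ["2001:db8::10"]},
    # Host with an A record that opts out of mail via a null MX (RFC 7505
    # convention, assumed here; the thread only says "add records").
    "nomail.example":    {"A": ["192.0.2.20"], "MX": [(0, ".")]},
    "nothing.example":   {},
}


@dataclass
class Result:
    accepted: bool
    reason: str
    queries: List[Tuple[str, str]] = field(default_factory=list)


def lookup(name: str, rrtype: str, queries: List[Tuple[str, str]]) -> list:
    """Answer from ZONE and record the query so the cost can be counted."""
    queries.append((name, rrtype))
    return ZONE.get(name, {}).get(rrtype, [])


def mail_domain_check(domain: str, aaaa_implicit_mx: bool) -> Result:
    """Decide whether `domain` is a usable mail domain.

    aaaa_implicit_mx=False: RFC 2821 behaviour (MX, else A).
    aaaa_implicit_mx=True:  2821bis behaviour (MX, else A or AAAA).
    Every query issued is recorded; a receiver that validates sender
    domains this way pays for all of them before it can say "no".
    """
    queries: List[Tuple[str, str]] = []
    mx = lookup(domain, "MX", queries)
    if mx:
        # Null MX: preference 0 with target "." means the domain declines mail.
        if any(pref == 0 and target == "." for pref, target in mx):
            return Result(False, "null MX: domain declines mail", queries)
        return Result(True, "explicit MX", queries)
    if lookup(domain, "A", queries):
        return Result(True, "implicit MX from A", queries)
    if aaaa_implicit_mx and lookup(domain, "AAAA", queries):
        return Result(True, "implicit MX from AAAA", queries)
    return Result(False, "no discovery record", queries)


def compare(domains: List[str]) -> List[Tuple[str, bool, int, bool, int]]:
    """Per domain: (name, accepted under 2821, queries, accepted under 2821bis, queries)."""
    rows = []
    for d in domains:
        old = mail_domain_check(d, aaaa_implicit_mx=False)
        new = mail_domain_check(d, aaaa_implicit_mx=True)
        rows.append((d, old.accepted, len(old.queries), new.accepted, len(new.queries)))
    return rows


if __name__ == "__main__":
    print(f"{'domain':<20}{'2821':>6}{'q':>3}{'2821bis':>9}{'q':>3}")
    for name, a_old, q_old, a_new, q_new in compare(sorted(ZONE)):
        print(f"{name:<20}{str(a_old):>6}{q_old:>3}{str(a_new):>9}{q_new:>3}")
```

Running it prints one row per constructed domain; the interesting rows are `aaaa-only.example`, which flips from rejected to accepted once AAAA counts as a discovery record, and `nothing.example`, which is still rejected but now costs three lookups instead of two, which is the added transactional burden the last message describes.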