
Re: Last Call: draft-klensin-rfc2821bis

2008-03-22 23:04:06

On Mar 20, 2008, at 3:30 PM, John C Klensin wrote:

--On Friday, 21 March, 2008 09:03 +1100 Mark Andrews
<Mark_Andrews(_at_)isc(_dot_)org> wrote:

     I think Doug is saying don't let domains with just AAAA
     records be treated as valid RHS of email.  Today we
     have to add records to domains with A records to say that
     these are not valid RHS of email.  With MX synthesis
     from AAAA you create the same problem for domains with
     AAAA records.

             user@<A record owner>
             user@<MX record owner>
             user@<AAAA record owner>  * don't allow this.

Mark, Doug,

With the understanding that this is just my personal opinion (as  
editor, I'll do whatever I'm told) _and_ that I'm personally  
sympathetic to phasing out even the A record implicit MX...

It seems to me that 2821bis is the wrong place to try to fix this,
especially via a comment posted well after the _second_ Last Call
closed. The current phrasing is not an oversight. It was
explicitly discussed on the mailing list and this is the behavior
that people decided they wanted.


In the past you had made several comments that RFC2821bis would not
change SMTP, and you had also stated that AAAA records were NOT
defined as SMTP server discovery records. (Not in those words, of
course.) It does not appear this change was your choice, but
nonetheless and surprisingly this unfortunate change is now being made.

The "update" of RFC2821 is making a _significant_ architectural change  
to SMTP by explicitly stating AAAA records are within a list of SMTP  
server discovery records.  This change represents a poor architectural  
choice since this _will_ increase the burden on networks being spoofed  
by abusive email.  Due to high levels of abuse, confirming validity of  
email domains by checking for discovery (A and MX) records in the  
forward DNS zone often replaces an alternative of checking PTR records  
in the reverse DNS zone.  The reverse zone suffers from  
poor maintenance where its use creates a sizeable burden for  
recipients.  RFC2821bis now adds AAAA records to a list of records  
that must be checked to disqualify public SMTP server domains within  
the DNS forward direction.  This change adds to the transactional  
burdens already headed in the wrong direction.  It would seem a sound  
architectural change would be to deprecate A records as a means to  
qualify domains for message acceptance, but RFC2822bis adds AAAA  
records instead.  This situation becomes considerably worse when  
domain tree walking or wildcards are then preferred over checks  
against discovery records.

It was not my intention to post this after Last Call, but this only
came to my attention recently. For that I am sorry; nevertheless, this
issue may deserve greater consideration.
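The implicit-MX rule the thread argues over, as an added illustration that is not code from the thread or from any MTA: with no MX record, RFC 2821 lets a domain's A record stand in as an MX of preference 0, and 2821bis extends that to AAAA. The zone data, domain names and the `StubResolver` below are constructed assumptions; the point shown is the one Doug makes, that a receiver which rejects mail from domains lacking discovery records now has to query a third record type before it can disqualify a domain, and that an AAAA-only domain changes from rejected to accepted.

```python
"""Implicit-MX resolution per RFC 2821 section 5, with the 2821bis AAAA extension.

Added example; the zone below is constructed and the names are hypothetical.
"""

from typing import List, Tuple

# Constructed zone: owner name -> list of (rrtype, rdata).
# MX rdata is a (preference, exchanger) tuple.
ZONE = {
    "mx-only.example": [
        ("MX", (10, "mail.mx-only.example")),
        ("MX", (20, "backup.mx-only.example")),
    ],
    "a-only.example": [("A", "192.0.2.10")],
    "aaaa-only.example": [("AAAA", "2001:db8::10")],
    "no-records.example": [],
}


class StubResolver:
    """Answers from the constructed zone and counts the queries sent,
    so the per-domain lookup cost of each policy can be compared."""

    def __init__(self, zone):
        self.zone = zone
        self.queries = 0

    def query(self, name: str, rrtype: str) -> list:
        self.queries += 1
        return [rdata for t, rdata in self.zone.get(name, []) if t == rrtype]


def mail_exchangers(resolver: StubResolver, domain: str,
                    aaaa_implicit_mx: bool) -> List[Tuple[int, str]]:
    """Return the (preference, host) list a sender would use for domain,
    or an empty list if the domain is not a valid mail destination."""
    mx = sorted(resolver.query(domain, "MX"))
    if mx:
        return mx
    # RFC 2821: no MX, but an A record -> the domain itself is an implicit MX.
    if resolver.query(domain, "A"):
        return [(0, domain)]
    # 2821bis: an AAAA record qualifies the same way (the change under dispute).
    if aaaa_implicit_mx and resolver.query(domain, "AAAA"):
        return [(0, domain)]
    return []


def sender_domain_check(domain: str, aaaa_implicit_mx: bool) -> Tuple[bool, int]:
    """Receiver-side check of a MAIL FROM domain against its forward-zone
    discovery records: returns (accepted, DNS queries spent)."""
    resolver = StubResolver(ZONE)
    accepted = bool(mail_exchangers(resolver, domain, aaaa_implicit_mx))
    return accepted, resolver.queries


if __name__ == "__main__":
    for name in ZONE:
        for policy in (False, True):
            ok, cost = sender_domain_check(name, policy)
            label = "2821bis" if policy else "2821"
            print(f"{name:22} {label:8} accepted={ok!s:5} queries={cost}")
```

Under the RFC 2821 rule a domain with no discovery records is disqualified after two queries (MX, then A); under 2821bis the receiver must spend a third on AAAA, and an AAAA-only domain is now accepted as a valid right-hand side.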


IETF mailing list