MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues
Hector Santos
hsantos at santronics.com
Thu Jun 7 10:20:49 PDT 2007
Steve Atkins wrote:
>
> On Jun 7, 2007, at 1:34 AM, Hector Santos wrote:
>> The single DNS query syntax would be:
>>
>> a.b.c.d.e.f.g.h.i.j.k._ssp.foo
>>
>> The result will depend on what this organization is going to define
>> for policies at each level.
>
> By your reasoning, if presented with the hostname
> sales.demon.co.uk you would query for sales.demon.co._ssp.uk.
>
> That won't work. At all.
>
> Please, before making assertions about how DNS resolution
> should work, think about the basics of how DNS actually works.

For the record, have you tried it?

I have it prepared for my santronics.com zone file.

; default NOMAIL
*._ssp 0 TXT "v=dsap1.0; rr=0; op=; 3p=; fa=fail; fx=fail; fs=fail;"
; santronics.com OPTIONAL policy, no 3PS
_ssp 0 TXT "v=dsap1.0; sd=*; rr=0; op=optional; 3p=never; a=rsa-sha256; fa=fail; fx=fail; fs=fail;"
; always sign with corp.santronics.com
corp._ssp 0 TXT "v=dsap1.0; sd=corp; rr=0; op=always; 3p=never; a=rsa-sha256;"
; always sign with sales.santronics.com
sales._ssp 0 TXT "v=dsap1.0; sd=sales; rr=0; op=always; 3p=never; a=rsa-sha256;"
; always sign with europe.santronics.com
europe._ssp 0 TXT "v=dsap1.0; sd=europe.sales; rr=0; op=always; 3p=never; a=rsa-sha256;"
; never sign with public.santronics.com
public._ssp 0 TXT "v=dsap1.0; sd=public; rr=0; op=never; 3p=never;"
; never sign with list.santronics.com
list._ssp 0 TXT "v=dsap1.0; sd=list; rr=0; op=never; 3p=optional; 3pl=mipassoc.org"

Do the DNS query for the valid ones and fake subdomains, or no subdomains:

NSLOOKUP -query=txt SUBDOMAINS._ssp.santronics.com

You said it won't work "AT ALL." I would like to know why not? Every
policy I want is defined including eliminating the ABUSE with a global
NOMAIL record.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
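
The lookups suggested in the message, worked through offline under the RFC 4592 wildcard rules, as an added example that is not part of the original post. It models only the `_ssp` owner names from the zone file above, abbreviates each record to its `op=` tag, and goes slightly further by also querying a name beneath an explicitly listed owner; `lookup_txt` and the status strings are hypothetical names.

```python
# Added example: RFC 4592 wildcard lookup, modelling only the _ssp owner names
# from the zone file in the post. TXT data is abbreviated to its op= tag.
ORIGIN = "santronics.com"
ZONE_TXT = {  # owner name relative to ORIGIN -> abbreviated TXT data
    "*._ssp": "op=",  # default NOMAIL
    "_ssp": "op=optional",
    "corp._ssp": "op=always",
    "sales._ssp": "op=always",
    "europe._ssp": "op=always",
    "public._ssp": "op=never",
    "list._ssp": "op=never",
}

def labels(name):
    return tuple(name.lower().rstrip(".").split("."))

def lookup_txt(qname):
    """Return (status, data, how) for a TXT query; names are hypothetical."""
    origin, q = labels(ORIGIN), labels(qname)
    if len(q) < len(origin) or q[-len(origin):] != origin:
        return ("OUT_OF_ZONE", None, None)  # this zone is never consulted
    key = q[:-len(origin)]  # labels below the zone apex
    owners = {labels(o): data for o, data in ZONE_TXT.items()}
    # A name exists if it owns data or is an ancestor of one that does
    # (an empty non-terminal); the empty tuple is the zone apex.
    exists = {o[i:] for o in owners for i in range(len(o) + 1)}
    if key in owners:
        return ("NOERROR", owners[key], "exact")
    if key in exists:
        return ("NODATA", None, "exact")  # name exists, no TXT modelled
    # Closest encloser: the longest ancestor of the query name that exists.
    encloser = next(key[i:] for i in range(1, len(key) + 1) if key[i:] in exists)
    wild = ("*",) + encloser
    if wild in owners:  # synthesise the answer from the wildcard
        return ("NOERROR", owners[wild], "wildcard")
    return ("NXDOMAIN", None, None)  # no wildcard under the closest encloser

if __name__ == "__main__":
    for name in ("corp._ssp.santronics.com", "_ssp.santronics.com",
                 "fake._ssp.santronics.com", "a.b._ssp.santronics.com",
                 "x.europe._ssp.santronics.com", "sales.demon.co._ssp.uk"):
        print(f"{name:32} {lookup_txt(name)}")
```
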