[ietf-dkim] RE: I think we can punt the hard stuff as out of scope.

Douglas Otis dotis at mail-abuse.org
Sat Jun 9 11:25:00 PDT 2007


On Jun 9, 2007, at 10:48 AM, Hector Santos wrote:

> Jeff Macdonald wrote:
>> On Sat, Jun 09, 2007 at 07:51:51AM -0700, Douglas Otis wrote:
>>> The discovery process itself might provide a solution. For a
>>> message to contain a valid email-address, the domain of this
>>> address MUST locate either an MX or A record. The DKIM WG could
>>> strongly recommend A record discovery be deprecated, and that
>>> only MX records be used for discovery. Within a few years, it
>>> should be possible to obsolete use of A record discovery. An
>>> email-address would not be valid without an MX record. This
>>> would mean that policy placement adjacent to the MX record would
>>> be the only location any policy record would need to exist. In
>>> this case, the discovery process itself indicates whether or not
>>> the sub-domain is USED/UNUSED.
>> Are you referring to the process that some MTAs follow? For example, if
>> an MTA needs to deliver a message, it is supposed to find an MX for the
>> right hand side of the email address and deliver it to the eventual A
>> record (Hector's claim that some MX records return IPs confused me).
>
> I was referring to MX expansion and how each DNS client within a
> SMTP client may behave. More below.
>
>> Some MTAs, when they don't find an MX record, just look up an A record
>> instead and deliver to the resulting IP.
>> If that's the case, shouldn't the deprecating of A lookups when an MX
>> lookup fails be brought to the SMTP group?
>
> Yup, and IMO, I can almost guarantee the idea will be killed
> ASAP. I would vote against it.
>
> I seriously doubt people will begin to screw around with their
> various retries logic. Plus, you are going to hear those who say
> MX is about inbound, not outbound and "Never The Twain Shall Meet."

This is not about using MX records as a means to resolve an outbound
path. This is only about confirming the domain used in an
email-address simply exists. Existence is determined by the mere existence
of records used to discover the inbound path for the email-address.
This does not require that inbound and outbound servers be
one-in-the-same.

"Proof of use" would not require that any IP address match that of  
the SMTP client, or that the email-address domain associated with an  
MX also provide an A record, or that an A record actually locate an  
SMTP server.

-Doug
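
The two discovery behaviours discussed in this thread (MX lookup with fallback to an A record, and the proposed MX-only discovery) are compared below in an added example that is not part of the original message or of any DKIM specification. The zone contents and the function names `lookup`, `address_domain` and `discover` are constructed for illustration.

```python
# Added illustration: classify an email-address domain as USED/UNUSED
# under the two discovery rules discussed in the thread.
# ZONE is constructed sample data, not real DNS answers.
ZONE = {
    # MX only: no A record at the domain itself, and the MX target lives
    # in another domain (inbound and outbound need not be the same).
    "example.com": {"MX": ["mx.example.net"]},
    # A record only, e.g. a web host that never handles mail.
    "www.example.com": {"A": ["192.0.2.10"]},
    # Both record types present.
    "mail.example.org": {"MX": ["mx.example.net"], "A": ["192.0.2.20"]},
}


def lookup(name, rtype, zone=ZONE):
    """Return the records of type rtype at name (empty list if none)."""
    return zone.get(name.lower().rstrip("."), {}).get(rtype, [])


def address_domain(address):
    """Extract the right-hand side of an email-address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email-address: %r" % address)
    return domain


def discover(address, allow_a_fallback, zone=ZONE):
    """Return (status, record_type) for the domain of address.

    allow_a_fallback=True  : MX first, then A (the behaviour some MTAs
                             follow, as described in the thread).
    allow_a_fallback=False : the proposed rule, MX records only.
    No client IP is consulted: existence of the record is the only test.
    """
    domain = address_domain(address)
    if lookup(domain, "MX", zone):
        return ("USED", "MX")
    if allow_a_fallback and lookup(domain, "A", zone):
        return ("USED", "A")
    return ("UNUSED", None)


if __name__ == "__main__":
    for addr in ("user@example.com", "user@www.example.com",
                 "user@mail.example.org", "user@unused.example.com"):
        print(addr, discover(addr, True), discover(addr, False))
```

The only address whose classification differs between the two rules is the one at `www.example.com`, which has an A record but no MX record.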
  

