[ietf-dkim] Jim's issues - one more try
Charles Lindsey
chl at clerew.man.ac.uk
Wed Jun 13 03:47:31 PDT 2007
On Tue, 12 Jun 2007 01:28:05 +0100, Douglas Otis <dotis at mail-abuse.org>
wrote:
> So when wildcard records are not used,
> after receiving a message considered not signed:
>
> - When neither an MX (or A) record are found, refuse the message.
> - When an MX (or A) record are found, query for a policy record.
> - When no policy is found, there is no policy. (Searching not
> required.)
> - When policy requires DKIM signatures, refuse the message.
That works for the domain that "never sends mail"
"never receives mail"
But what about the domain that receives, but never sends?
In that case you will publish several MX records (with assorted
preferences) as usual. But then you also publish an extra MX record with a
ridiculously low preference (99 say) which points to something
unresolvable (e.g. nomail,invalid).
By convention, that means "sends no mail". So if you are a receiving site
considering whether some message can be discarded, you just ask to see the
MX records for the domain, and see if they include one pointing to
nomail.invalid.
I reckone there would be no need then to depracate A records where |MX was
absent, or anything like that.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim
mailing list