[ietf-dkim] protecting domains that don't exist
Dave Crocker
dhc at dcrocker.net
Fri Apr 11 22:38:17 PDT 2008
John Levine wrote:
>> As someone pointed out, you can interchange steps 1 and 2 in the
>> specification, putting the existence check first. And then, of course, you
>> can decide that the existence check is done outside ADSP. If the existence
>> check is removed, I would advocate putting in language that says an existence
>> check SHOULD be performed before doing ADSP.
>
> That seems reasonable. My objection (and I think also Dave's) is not that
> it's a bad idea, but that it's not part of DKIM or ADSP.

Just to get this on the record, yes, I think it's out of scope, but in the
interest, I think it would be no worse than benign to have a non-normative
statement, along the lines of:

   "In the absence of an ADSP record, attempted use of unregistered domain
   names can be detected by querying the DNS for the domain name and treating a
   returned NXDomain as an unauthorized use."

This provides the desired education without confusing things with ADSP and
without getting overly lofty about the wonderfulness of the mechanism.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
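
The existence check discussed in this message, as an added example that is not part of the original post or of any DKIM/ADSP specification: it separates NXDOMAIN from NODATA and from resolver failures, which a receiver must not conflate. The function names, the `resolve` callable and the constructed resolver responses are assumptions made for illustration.

```python
import struct

NOERROR, NXDOMAIN = 0, 3  # DNS RCODE values (RFC 1035)

def build_query(domain, txid=0x1234, qtype=1):
    """Encode a minimal recursive DNS query (default type A) for `domain`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(query, response):
    """Map a raw DNS response to 'nonexistent', 'exists' or 'tempfail'."""
    if len(response) < 12:
        return "tempfail"
    txid, flags = struct.unpack("!HH", response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "tempfail"            # not a response to our query
    if flags & 0x0200:
        return "tempfail"            # truncated: retry over TCP before deciding
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "nonexistent"
    if rcode == NOERROR:
        return "exists"              # includes NODATA: the name exists, this type does not
    return "tempfail"                # SERVFAIL, REFUSED, ...: no verdict

def check_author_domain(domain, resolve):
    """Existence check; `resolve` (hypothetical) takes query bytes, returns response bytes."""
    query = build_query(domain)
    verdict = classify_response(query, resolve(query))
    return {"nonexistent": "unauthorized", "exists": "proceed", "tempfail": "defer"}[verdict]

def constructed_resolver(rcode):
    """Constructed stand-in for a resolver: echoes the question with a chosen RCODE."""
    def resolve(query):
        flags = struct.pack("!H", 0x8180 | rcode)  # QR=1, RD=1, RA=1
        return query[:2] + flags + struct.pack("!HHHH", 1, 0, 0, 0) + query[12:]
    return resolve

if __name__ == "__main__":
    for name, rcode in [("NXDOMAIN", 3), ("NODATA", 0), ("SERVFAIL", 2)]:
        print(name, check_author_domain("unregistered.example", constructed_resolver(rcode)))
```

Only an NXDOMAIN answer yields "unauthorized"; a SERVFAIL or truncated reply yields "defer" so that a resolver outage is never read as a nonexistent domain.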