[ietf-dkim] protecting domains that don't exist
dotis at mail-abuse.org
Tue Apr 15 16:42:09 PDT 2008
On Apr 15, 2008, at 3:36 PM, Frank Ellermann wrote:
> Douglas Otis wrote:
>> ADSP must either assume email-addresses within the From header are
>> suitable for use with SMTP, and then check for SMTP specific DNS
>> resource records, or require each domain to publish policy resource
> Don't think so, "domain does not exist" is general enough. Some
> mechanism to discover a say jabber server might use SRV and NAPTR
> magic, but if the domain doesn't exist there is also no magic to
> worry about.
> And ADSP is for RFC 2822 messages, not IM, SIP, or what you have.
> If there's a problem (apart from step 3) I think the draft needs to
> mention that domain literals should get ADSP result "unknown".

This is still assuming use of DNS in conjunction with some future
transport. PNRP would be an example of name resolution services fully
independent of DNS. Not to recommend PNRP, this example only suggests
the possibility. It seems using DNS to assert policy necessitates use
of DNS by all possible transports. Unless consensus surrounding ADSP
being forever linked to SMTP/DNS can be established, an assumption of
'existence' checks seems rather dubious. The NXDOMAIN existence check
also ignores issues related to wildcards which may be beyond the control
of the originating domain. It is rather ironic a well considered
alternative policy scheme depended upon use of wildcards and
publishing records at every node blocking the wildcard.

ADSP policy should state it only applies to SMTP, where at least SMTP
discovery records can replace dependence upon the questionable return
of NXDOMAIN. Requiring MX records be published in conjunction with
policy records also sets an upper limit on the number of policy
records transactions any future SMTP policy may require. Without an
MX, assume no policy. Without an MX or A record, assume no SMTP
relevant messages relate to this domain. Messages over other
transports would need to establish different criteria (policies)
possibly in conjunction with their discovery mechanisms.
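
The two checks contrasted in this message, as an added example that is not code from the thread or from any ADSP draft: an NXDOMAIN-keyed existence test next to the MX/A rule, run over a small in-memory zone. The zone contents, function names and verdict strings are assumptions made for the illustration, and the wildcard handling is a simplified form of RFC 4592.

```python
# Constructed zone data: names, addresses and the wildcard are illustrative only.
ZONE = {
    "example.com": {"MX": ["10 mail.example.com"], "A": ["192.0.2.10"]},
    "mail.example.com": {"A": ["192.0.2.25"]},
    "www.example.com": {"A": ["192.0.2.80"]},
    "wild.example": {"NS": ["ns.wild.example"]},
    "*.wild.example": {"TXT": ["parked"]},  # wildcard the sending domain does not control
}

def resolve(name, rtype):
    """Return (rcode, records) using simplified RFC 4592 wildcard synthesis."""
    name = name.lower().rstrip(".")
    if name in ZONE:
        return "NOERROR", ZONE[name].get(rtype, [])
    labels = name.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        wildcard = ZONE.get("*." + encloser)
        if wildcard is not None:
            # A wildcard answers for the missing name, so NXDOMAIN is never returned.
            return "NOERROR", wildcard.get(rtype, [])
        if encloser in ZONE:
            break  # closest encloser exists and has no wildcard child
    return "NXDOMAIN", []

def nxdomain_check(domain):
    """Existence test keyed only on the response code (record type is irrelevant)."""
    rcode, _ = resolve(domain, "A")
    return "nonexistent" if rcode == "NXDOMAIN" else "exists"

def smtp_record_check(domain):
    """Rule from the message: no MX, no policy; no MX and no A, not SMTP relevant."""
    _, mx = resolve(domain, "MX")
    if mx:
        return "look up policy"
    _, a = resolve(domain, "A")
    return "no policy" if a else "not SMTP relevant"

def compare(domains):
    """Pair each domain with the verdict of both checks."""
    return [(d, nxdomain_check(d), smtp_record_check(d)) for d in domains]

if __name__ == "__main__":
    for row in compare(["example.com", "www.example.com",
                        "nosuch.example.com", "random.wild.example"]):
        print("%-22s nxdomain=%-12s smtp=%s" % row)
```

The last row is the case the message raises: under the wildcard the NXDOMAIN test reports the name as existing, while the MX/A rule still classifies it as not SMTP relevant.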