[ietf-dkim] Domain Existence Check and Erroneous Abstract
dotis at mail-abuse.org
Mon Jun 9 11:11:33 PDT 2008
The issue raised was _not_ specifically about X.400 address space
(intended not to overlap with that used by DNS). MS Exchange permits
use of proxy addresses defined as SMTP name space with an assignment
process facilitating a mixed name space that is _not_ done using DNS.
As a result, it is not unusual to find what might appear to be
normal SMTP addresses handled by a corporate MS Exchange without there
being any related records existing within DNS. Organizations making
use of this assignment facility may find message acceptance of some
forwarded messages disrupted by what amounts to an ADSP domain
validation test. It remains important to be specific about the
transport protocol pertaining to ADSP.

To handle situations dealing with crucial systems or where there are
non-DNS assignments, a mitigation strategy making domain or address
specific exceptions seems necessary. An alternative solution would be
to abandon any validations related to DNS. As such, ADSP would not
prevent sub-domain abuse. Either SMTP validity checks are advocated,
or sub-domain practice assertions should be abandoned. Use of a
prefix for a TXT record will not permit a safe discovery algorithm
where domain validity does not play a critical role.
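
The trade-off described in the message above, as an added example that is not part of the original post: a verifier-side ADSP lookup with the domain existence check, with that check switched off, and with a local exception list for domains assigned outside DNS. The `_adsp._domainkey` prefix and the `dkim=` values follow RFC 5617; the resolver stub, zone data, domain names, and the "nonexistent" and "exempt" labels are constructed for illustration.

```python
# Added illustration: resolver stub, zone data and result labels are constructed.
NXDOMAIN, NODATA, OK = "NXDOMAIN", "NODATA", "OK"

# Constructed zone data standing in for live DNS: (name, rrtype) -> records.
ZONE = {
    ("example.com", "MX"): ["10 mx.example.com."],
    ("_adsp._domainkey.example.com", "TXT"): ["dkim=discardable"],
    ("news.example.com", "A"): ["192.0.2.10"],
}

def stub_resolve(name, rrtype):
    """Return (status, records) the way a resolver wrapper might."""
    if (name, rrtype) in ZONE:
        return OK, ZONE[(name, rrtype)]
    # A name exists if it, or anything beneath it, holds any record.
    exists = any(n == name or n.endswith("." + name) for n, _ in ZONE)
    return (NODATA if exists else NXDOMAIN), []

def adsp_check(author_domain, resolve, non_dns_domains=frozenset(),
               check_existence=True):
    """Classify an Author Domain: exempt, nonexistent, or an ADSP practice."""
    domain = author_domain.rstrip(".").lower()
    # Mitigation from the message: domains known to be assigned outside DNS
    # (for example Exchange proxy addresses) are excepted from DNS validation.
    if domain in non_dns_domains:
        return "exempt"
    # Domain existence check: NXDOMAIN means the Author Domain is not in DNS.
    if check_existence:
        status, _ = resolve(domain, "MX")
        if status == NXDOMAIN:
            return "nonexistent"
    # Only now is the prefixed TXT record consulted.
    _, records = resolve("_adsp._domainkey." + domain, "TXT")
    for txt in records:
        tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
        if tags.get("dkim") in ("unknown", "all", "discardable"):
            return tags["dkim"]
    return "unknown"  # no usable record: indistinguishable from "no practice"

if __name__ == "__main__":
    for dom in ("example.com", "bogus.example.com", "mail.corp.example"):
        print(dom, adsp_check(dom, stub_resolve),
              adsp_check(dom, stub_resolve, check_existence=False))
```

Without the existence check, the invented sub-domain `bogus.example.com` returns the same "unknown" as a real domain that publishes no record; with it, the non-DNS name `mail.corp.example` is rejected unless it is on the exception list.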