search

benbucksch / autoconfig-spec

Mail autoconfig protocol allows email clients to automatically configure email accounts. This report creates the RFC to standardize the protocol within the IETF.
Other
5 stars 2 forks source link

Preventing spurious "downgrade" to heuristics #11

Open link2xt opened 1 month ago

link2xt commented 1 month ago

Currently the standard specifies that the following URLs should be tried:

  1. https://autoconfig.%EMAILDOMAIN%/mail/config-v1.1.xml?emailaddress=%EMAILADDRESS%
  2. https://%EMAILDOMAIN%/.well-known/autoconfig/mail/config-v1.1.xml
  3. http://autoconfig.%EMAILDOMAIN%/mail/config-v1.1.xml

But it is not specified what the client should do if it fails to connect to these URLs. Some clients attempt heuristics like trying mail.example.org, imap.example.org etc. subdomains on various ports. This may be a bad idea if autoconfig actually exists but HTTPS connection failed due to a spurious network error or the connection to HTTPS port being blocked.

Maybe it makes sense to specify that if DNS resolution fails for autoconfig.example.org, the client should abort the whole configuration procedure? If autoconfig.example.org resolution returns NXDOMAIN then we cannot guarantee anything, but if DNS resolution times out we better not proceed.

This way provider publishing on autoconfig. subdomain (in contrast to using .well-known URL) can ensure that autoconfig is always used as long as the client uses a non-malicious DNS resolver, e.g. a trusted DoH resolver or a recursive resolver running on a trusted LAN.

link2xt commented 1 month ago

On a second thought, there is still a problem of what to do if autoconfig. subdomain resolves to IP address, but we fail to connect due to connection being refused or timeout.