Mail autoconfig protocol allows email clients to automatically configure email accounts. This report creates the RFC to standardize the protocol within the IETF.
But it is not specified what the client should do if it fails to connect to these URLs. Some clients attempt heuristics like trying mail.example.org, imap.example.org etc. subdomains on various ports. This may be a bad idea if autoconfig actually exists but HTTPS connection failed due to a spurious network error or the connection to HTTPS port being blocked.
Maybe it makes sense to specify that if DNS resolution fails for autoconfig.example.org, the client should abort the whole configuration procedure? If autoconfig.example.org resolution returns NXDOMAIN then we cannot guarantee anything, but if DNS resolution times out we better not proceed.
This way provider publishing on autoconfig. subdomain (in contrast to using .well-known URL) can ensure that autoconfig is always used as long as the client uses a non-malicious DNS resolver, e.g. a trusted DoH resolver or a recursive resolver running on a trusted LAN.
On a second thought, there is still a problem of what to do if autoconfig. subdomain resolves to IP address, but we fail to connect due to connection being refused or timeout.
Currently the standard specifies that the following URLs should be tried:
https://autoconfig.%EMAILDOMAIN%/mail/config-v1.1.xml?emailaddress=%EMAILADDRESS%
https://%EMAILDOMAIN%/.well-known/autoconfig/mail/config-v1.1.xml
http://autoconfig.%EMAILDOMAIN%/mail/config-v1.1.xml
But it is not specified what the client should do if it fails to connect to these URLs. Some clients attempt heuristics like trying
mail.example.org
,imap.example.org
etc. subdomains on various ports. This may be a bad idea if autoconfig actually exists but HTTPS connection failed due to a spurious network error or the connection to HTTPS port being blocked.Maybe it makes sense to specify that if DNS resolution fails for
autoconfig.example.org
, the client should abort the whole configuration procedure? Ifautoconfig.example.org
resolution returns NXDOMAIN then we cannot guarantee anything, but if DNS resolution times out we better not proceed.This way provider publishing on
autoconfig.
subdomain (in contrast to using.well-known
URL) can ensure that autoconfig is always used as long as the client uses a non-malicious DNS resolver, e.g. a trusted DoH resolver or a recursive resolver running on a trusted LAN.