ietf-wg-dmarc / draft-ietf-dmarc-dmarcbis


MX/A/AAAA test needs justification #62

Closed ietf-svn-bot closed 2 years ago

ietf-svn-bot commented 3 years ago

type_defect | by dougfoster.emailstandards@gmail.com


The MX/A/AAAA test is an appropriate tool for verifying the probable existence of a return-path based on the RFC5321.MailFrom address. In the early days, the requirement to send and receive non-delivery reports meant that all mail systems had to participate bi-directionally. This is no longer the case. Non-delivery reports are officially discouraged, and many messages announce that the return-path is unusable with a NoReply username. For testing RFC5321.MailFrom, SPF is now a necessary part of the calculation, so its absence from the proposed test is baffling. Additionally, use of MX/A/AAAA as a substitute for a missing SPF policy is now discouraged in some circles.

The A/AAAA portion of the test reflects a necessary transition process to MX, but that process should be complete for any domain with enough sophistication to publish DMARC policies. As defined in RFC 5321, the A/AAAA test does not even require that the A/AAAA record be a domain-level name. We know that there are many more A/AAAA records than mail systems, so we can be certain that the test will produce false positives.

Equally important, the RFC5322.From address has no necessary connection to an actual mail server, since the From address can be used exclusively for messages sent by an EMail Service Provider (ESP) using the ESP's identity for the RFC5321.MailFrom address. Consequently, the relevance of the MX/A/AAAA test for distinguishing between SP and NP is lacking.

In sum, the test will produce both false positives and false negatives, making its value doubtful, and it has at best a tenuous connection to the way that RFC5322.From addresses are actually used.

The replacement: A much simpler test, which fits the problem space without false positives and false negatives, is to test for TYPE=TXT, name=FromDomain, to see if it returns status NXDOMAIN.


Issue migrated from trac:111 at 2022-01-24 16:53:53 +0000

ietf-svn-bot commented 3 years ago

@johnl@taugh.com commented


The MX test is optional, and a check for TXT will produce NXDOMAIN in exactly the same situations where an MX or A or AAAA will.

There is nothing to fix here.
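The disagreement in the two posts above comes down to what the domain existence test is actually checking: whether MX/A/AAAA records are present, or whether the name exists at all. The following Python is an added illustration, not code from the draft or from either commenter. It uses a constructed in-memory zone and a stub `lookup()` function in place of a real resolver, with the assumption (true for real DNS) that NXDOMAIN is a per-name status and is never returned for a name that exists or is an empty non-terminal, whatever record type is asked for. It shows the record-presence form of the test reporting "absent" for an ESP-sent From domain that has only a TXT record, while the status-based test returns the same answer for a TXT query as for an MX query.

```python
from typing import Dict, List, Tuple

NXDOMAIN = "NXDOMAIN"
NOERROR = "NOERROR"

# Constructed zone data (assumption, not real records): owner name -> {rrtype: rdata list}.
ZONE: Dict[str, Dict[str, List[str]]] = {
    "example.com.": {"MX": ["10 mail.example.com."], "A": ["192.0.2.10"],
                     "TXT": ["v=spf1 mx -all"]},
    "mail.example.com.": {"A": ["192.0.2.25"]},
    # A From domain used only by an ESP: publishes SPF, but no MX/A/AAAA of its own.
    "news.example.com.": {"TXT": ["v=spf1 include:esp.example -all"]},
    # Makes sub.example.com. an empty non-terminal: it exists, but holds no records.
    "deep.sub.example.com.": {"A": ["192.0.2.99"]},
}


def lookup(name: str, rrtype: str) -> Tuple[str, List[str]]:
    """Stub resolver. Returns (status, rdatas).

    NXDOMAIN is returned only when nothing exists at or below `name`;
    a name with no records of the requested type gets NOERROR with an
    empty answer (NODATA), exactly as a real authoritative server would.
    """
    name = name if name.endswith(".") else name + "."
    if name in ZONE:
        return NOERROR, list(ZONE[name].get(rrtype, []))
    if any(owner.endswith("." + name) for owner in ZONE):
        return NOERROR, []  # empty non-terminal
    return NXDOMAIN, []


def has_mx_a_aaaa(name: str) -> bool:
    """Record-presence form of the test: True iff any MX, A or AAAA data exists."""
    for rrtype in ("MX", "A", "AAAA"):
        status, rdatas = lookup(name, rrtype)
        if status == NXDOMAIN:
            return False  # no point asking for the other types
        if rdatas:
            return True
    return False


def name_exists(name: str, rrtype: str = "TXT") -> bool:
    """Status-based form: True unless the query returns NXDOMAIN, for any rrtype."""
    status, _ = lookup(name, rrtype)
    return status != NXDOMAIN


def compare(name: str) -> Dict[str, bool]:
    """Run all three variants on one name so the differences are visible side by side."""
    return {
        "mx_a_aaaa_present": has_mx_a_aaaa(name),
        "exists_via_txt": name_exists(name, "TXT"),
        "exists_via_mx": name_exists(name, "MX"),
    }


if __name__ == "__main__":
    for n in ("example.com", "news.example.com", "sub.example.com",
              "nonexistent.example.com"):
        print(n, compare(n))
```

Running it shows `news.example.com` and `sub.example.com` failing the record-presence check even though both names exist, while `exists_via_txt` and `exists_via_mx` agree on every name, which is the point of the reply above: a TXT query yields NXDOMAIN in exactly the cases an MX, A or AAAA query would, so the choice of record type does not change the existence result, only the presence check does.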

ietf-svn-bot commented 3 years ago

@johnl@taugh.com changed _comment0, which was not transferred by tractive

ietf-svn-bot commented 2 years ago

@todd.herr@valimail.com set milestone to Deliverable ietf-wg-dmarc/dmarc-draftissues#3 (changes to DMARC base spec + DMARC Usage Guide)

toddherr commented 2 years ago

Rev -14, section A.4 Domain Existence Test, specifically rules out need for MX/A/AAAA test.

Closing ticket.