On July 21, 2019 6:01:05 PM UTC, Alessandro Vesely <ves...@tana.it> wrote:
>On Sun 21/Jul/2019 18:53:35 +0200 Scott Kitterman wrote:
>>>
>>>> Keep in mind that senders do send from what we call non-existent domains for
>>>> reasons that seem good and sufficient to them. Let's take that as a fact,
>>>> whether it makes sense to us or not.
>>>
>>>
>>> Fair enough. Let me quote the current spec:
>>>
>>> A.4. Domain Existence Test
>>>
>>> A common practice among MTA operators, and indeed one documented in
>>> [ADSP], is a test to determine domain existence prior to any more
>>> expensive processing. This is typically done by querying the DNS for
>>> MX, A, or AAAA resource records for the name being evaluated and
>>> assuming that the domain is nonexistent if it could be determined
>>> that no such records were published for that domain name.
>>>
>>> The original pre-standardization version of this protocol included a
>>> mandatory check of this nature. It was ultimately removed, as the
>>> method's error rate was too high without substantial manual tuning
>>> and heuristic work. There are indeed use cases this work needs to
>>> address where such a method would return a negative result about a
>>> domain for which reporting is desired, such as a registered domain
>>> name that never sends legitimate mail and thus has none of these
>>> records present in the DNS.
>>
>> Yes, but that was for a different use case. It was, AIUI, considered that
>> reporting could be skipped on such 'non-existent' domains, but that proved
>> problematic since such domains as these are used in mail.
>
>Wasn't it for rejecting non-existent domains? That is, IIRC, <sciencefiction>
>as if there were a root DMARC record (_dmarc.) with np=reject.</sciencefiction>

I think no. I think it was about skipping reporting on 'non-existent' domains.
Perhaps someone who was more involved at that point can clarify.

>> 'np' doesn't have the same issue. It uses non-existence in a positive (do
>> some processing) not a negative sense (reporting can be skipped for these),
>> so the problems described in that paragraph are not only not relevant, the
>> paragraph supports the case for 'np'.
>
>
>Uh? (I don't understand your parenthesized phrase...)
>
>
>At any rate, the first paragraph gives a definition of non-existence equal to
>the one we've been discussing these days, doesn't it?
>
Yes, but since we're using it for a different, opt-in, purpose, the caution
doesn't apply.
Scott K
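
The domain existence test quoted from A.4 above and the opt-in 'np' use discussed in this thread, as an added example that is not part of the original messages or of the DMARC specification. The zone data, DMARC records and function names are constructed for illustration, and the np, then sp, then p fallback order is an assumption of this sketch.

```python
# Constructed sample data: name -> record types published. Not real DNS.
SAMPLE_DNS = {
    "example.com": {"MX", "A", "TXT"},
    "mail.example.com": {"A"},
    "_dmarc.example.com": {"TXT"},
    # Registered domain that never sends mail: no MX/A/AAAA, but it
    # publishes a DMARC record and wants reports (the A.4 failure case).
    "parked.example": {"NS", "SOA"},
    "_dmarc.parked.example": {"TXT"},
}

# Constructed DMARC records, keyed by organizational domain.
SAMPLE_DMARC = {
    "example.com": "v=DMARC1; p=none; sp=quarantine; np=reject",
    "parked.example": "v=DMARC1; p=none; rua=mailto:reports@parked.example",
}

EXISTENCE_TYPES = ("MX", "A", "AAAA")


def domain_exists(name, dns=SAMPLE_DNS):
    """A.4 test: a name exists only if it publishes MX, A or AAAA."""
    published = dns.get(name.lower().rstrip("."), set())
    return any(rtype in published for rtype in EXISTENCE_TYPES)


def parse_tags(record):
    """Split a DMARC record into a lower-cased tag -> value mapping."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def policy_for_subdomain(sub, org, records=SAMPLE_DMARC):
    """Opt-in use: 'np' is consulted only when the org domain publishes it
    and the subdomain fails the existence test. Otherwise fall back to sp,
    then p (assumed order, hypothetical helper)."""
    tags = parse_tags(records[org])
    if not domain_exists(sub) and "np" in tags:
        return tags["np"]
    return tags.get("sp", tags.get("p"))


if __name__ == "__main__":
    for sub, org in [("ghost.example.com", "example.com"),
                     ("mail.example.com", "example.com"),
                     ("ghost.parked.example", "parked.example")]:
        print(sub, domain_exists(sub), policy_for_subdomain(sub, org))
```
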