On Tue 15/Jun/2021 01:19:03 +0200 Douglas Foster wrote:
It took me only one day to find examples of this;,non-existent subdomains used
on legitimate messages sent by mailing services. The FROM suffix correctly
reflects the parent organization, but the full email suffix does not appear in
DNS.
Me too. I reviewed my logs for 2021 and got this:
88 NXDOMAIN found out of 160,473 messages:
35 bounces (empty mailfrom),
26 not found host in an existing suffix,
27 totally astray.
Except for bounces, which just reflect a poorly configured server, I wouldn't
swear to their legitimacy. For the few samples of which I still have the
score, it was high.
However, to reject based just on NXDOMAIN is too harsh.
This situation means that we cannot distinguish between valid and invalid
email suffixes using DNS alone, we must require domain owner signalling.
I'd agree, but the idea of suggesting to signal such lack of registration over
the DNS is to diabolically persist on an error.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
