On 2021-12-05 20:40, John Levine wrote:
It appears that Scott Kitterman <[email protected]> said:
How about if it has a null MX and a DMARC record or DKIM keys? Remember that those records are at different names than the MX. ...
There are two ways we could go at this question:
1. A domain that, except for the null mx, would fit the criteria for non-existent. This would be kind of weird, since null mx only makes sense if you have an A/AAAA, but I wouldn't think existence of a null mx alone would be enough to make the domain 'exist'.
2. A domain which has an A/AAAA and null mx. Since it claims to be a no mail domain, we could treat it as not existing for DMARC purposes. Since RFC 7505 specifies null mx is for domains that don't accept mail, but is silent on sending mail, these should probably exist for DMARC purposes.
I think that your point is about #2 and I agree. #1 is definitely a corner case, but if the only thing there is a null mx, I'd be quite comfortable saying it doesn't exist.
It's about both. What if a domain has a null MX and a DMARC record? Maybe it has an SPF record, too.
For your #2 you seem to be saying that if I send no-reply transactional mail, my DNS would look like this:
notify.bigcorp.com. IN MX 0 . /* we don't receive replies */
                    IN A 0.0.0.0 /* make the domain exist */
_dmarc.notify.bigcorp.com. IN TXT "v=DMARC1; p=reject; ..." /* it's all aligned */
s._domainkey.notify.bigcorp.com. IN TXT "v=DKIM1; h=sha256; p=MIIBIjANB..." /* it's signed */
thanks for another rule to mx check in mta stage
hopefully any-ip is just an example, not a real world test
should spf allow 0.0.0.0/0 ?, sadly it does
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
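
Added example, not part of the thread: a sketch of the reading proposed in the quoted text (a null MX alone does not make a domain exist; A/AAAA plus a null MX does), assuming "non-existent" means no A, AAAA or MX at the name. The zone data, the `parked.example.` name and all function names are constructed for illustration; nothing queries live DNS.

```python
# Constructed zone data: owner name -> {rrtype: [rdata, ...]}.
ZONE = {
    # Case 2 from the thread: address record plus null MX (no-reply sender).
    "notify.bigcorp.com.": {"MX": [(0, ".")], "A": ["0.0.0.0"]},
    "_dmarc.notify.bigcorp.com.": {"TXT": ["v=DMARC1; p=reject"]},
    # Case 1 from the thread: the only record at the name is a null MX.
    "parked.example.": {"MX": [(0, ".")]},
    "_dmarc.parked.example.": {"TXT": ["v=DMARC1; p=reject"]},
}


def is_null_mx(mx):
    """RFC 7505 null MX: a single MX with preference 0 and exchange '.'."""
    return len(mx) == 1 and mx[0] == (0, ".")


def accepts_mail(zone, name):
    """Receiving side: a null MX says no; otherwise MX or address fallback."""
    rr = zone.get(name, {})
    mx = rr.get("MX", [])
    if is_null_mx(mx):
        return False
    return bool(mx or rr.get("A") or rr.get("AAAA"))


def exists_for_dmarc(zone, name):
    """Assumed rule: the name exists if it has A, AAAA or a non-null MX.
    A null MX on its own is not counted (the thread's case 1)."""
    rr = zone.get(name, {})
    mx = rr.get("MX", [])
    real_mx = bool(mx) and not is_null_mx(mx)
    return bool(real_mx or rr.get("A") or rr.get("AAAA"))


def has_dmarc_record(zone, name):
    """The policy record lives at _dmarc.<name>, a different owner name,
    so the existence test above never sees it."""
    txt = zone.get("_dmarc." + name, {}).get("TXT", [])
    return any(t.startswith("v=DMARC1") for t in txt)


if __name__ == "__main__":
    for n in ("notify.bigcorp.com.", "parked.example."):
        print(n, "exists:", exists_for_dmarc(ZONE, n),
              "accepts mail:", accepts_mail(ZONE, n),
              "has DMARC record:", has_dmarc_record(ZONE, n))
```

The `parked.example.` row is the case the reply objects to: the name is classed as non-existent while a policy is published at `_dmarc.parked.example.`.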