What does we mean for an RFC5322.From address to be “non-existent”? We have said that it is non-existent because it fails the MX/A/AAAA test, but we have not documented what that test represents. Perhaps it seemed obvious, but let's make it clear:
A failed MX/A/AAAA test is a very reliable indicator that the From address does not have a mailbox, because the associated domain does not have a mail server which accepts messages. “Does not exist” means that the message does not exist as a destination mailbox. But is that result information useful, and if so, how? What problem does it resolve? I estimate that 70% of the legitimate mail entering my organization is unidirectional – messages which do not expect a reply by email. Unidirectional traffic does not require an inbox. When we determine that a message does not have an inbox, we determine that it is definitely part of the 70%. I don't find anything actionable in that information. The RFC5322.From identifier is an abstraction which represents a message stream from a single entity acting as author. Everything that the author mails can be done through agents, where the agent is the SMTP From address. A review of actual mail messages will show that legitimate messages come from domains that do not have a mail server. In the general case, an author account or domain exists simply because the domain owner (or PSD) authorizes someone or something to use that name. Our goal needs to be a test which identifies domain names which have never been authorized by the domain owner or PSD. We need a different test. Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
