>So attacker now gets smarter and sends as [EMAIL PROTECTED]
>Is there a policy record there? No. Can I populate every possible
>subdomain there? Not with DNS wildcards, therefore no. Uh-oh.

We ran into just this problem while defining CSV, the "like wildcards except that we use prefixes" problem. Having gone around this a lot of times, I think I can say with confidence that there are a lot of hacks, some rather clever, but there is no good solution.

The suggestion that SSP would fail if a domain doesn't have at least one of MX, A, or AAAA (perhaps with intervening CNAMEs) is intriguing, but it would have the effect of adding the same condition to RFC 821 or 2821 since SSP users would thereby decree such mail to be undeliverable. I entirely agree that it is unlikely that one will get legit mail from an address without enough DNS to write back, but this is severe standards mission creep.

R's,
John

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
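
The "at least one of MX, A, or AAAA (perhaps with intervening CNAMEs)" test discussed in the message above, sketched as an added example that is not part of the original post or of any SSP draft. The zone contents, the function names and the CNAME hop limit are constructed assumptions, and DNS wildcards are not modelled.

```python
# Constructed zone data for illustration: (owner name, record type) -> values.
ZONE = {
    ("example.com", "MX"): ["10 mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("lists.example.com", "CNAME"): ["mail.example.com"],
    ("loop-a.example.com", "CNAME"): ["loop-b.example.com"],
    ("loop-b.example.com", "CNAME"): ["loop-a.example.com"],
    ("dangling.example.com", "CNAME"): ["gone.example.com"],
    ("txtonly.example.com", "TXT"): ["v=spf1 -all"],
}

MAIL_TYPES = ("MX", "A", "AAAA")
MAX_CNAME_HOPS = 8  # assumed limit for this sketch; real resolvers set their own


def lookup(zone, name, rtype):
    """Return the record values stored for (name, rtype), or an empty list."""
    return zone.get((name.lower().rstrip("."), rtype), [])


def mail_reachable(zone, domain):
    """Apply the 'at least one of MX, A, AAAA' test, following CNAMEs.

    Returns (ok, reason) so a verifier can log why a sender domain failed.
    """
    name = domain.lower().rstrip(".")
    seen = set()
    for _ in range(MAX_CNAME_HOPS + 1):
        if name in seen:
            return False, "CNAME loop at " + name
        seen.add(name)
        for rtype in MAIL_TYPES:
            if lookup(zone, name, rtype):
                return True, rtype + " at " + name
        target = lookup(zone, name, "CNAME")
        if not target:
            # Covers both unpopulated subdomains and dangling CNAME targets.
            return False, "no MX/A/AAAA at " + name
        name = target[0].lower().rstrip(".")
    return False, "CNAME chain too long"


if __name__ == "__main__":
    for d in ("example.com", "lists.example.com", "sub.unknown.example.com",
              "txtonly.example.com", "dangling.example.com", "loop-a.example.com"):
        print(d, mail_reachable(ZONE, d))
```
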
