From a DNS perspective I don't like MX . As it falls into the category
'folklore', it is an essentially undocumented feature of the infrastructure
known only to some.

From the perspective of DKIM goals I would be entirely happy to document and
make use of MX . as an interim measure.
In the longer term I would much prefer to see us defining a NOMAIL policy
within DKIM.
Putting it all together we have two options for publishing policy:

1) If your DNS server does not support new RRs
   - Specify DKIM policy 'I always sign' using the prefix TXT record at
     specific nodes
   - Specify NOMAIL policy 'I never send' using MX-dot (which can be
     wildcarded as normal)

2) If your DNS server does support new RRs
   - Specify DKIM policy 'I always sign' using the prefix TXT record
   - Specify NOMAIL policy 'I never send' using the prefix TXT record
   - Use XPTR to address the wildcard issue wherever necessary

The administrative wildcard issue is mostly an issue with the newer DNS
servers. The DNS wildcard semantics were botched in the original RFC and, there
being no strong interoperability driver, every server implemented them in a
different way.
The need for consistency only appeared with DNSSEC and that is when the
wildcard semantics were redefined. Most DNS servers offer a choice of the old
and 'standard' semantics. I don't think it should be too hard to persuade them
to support administrative wildcards, something we need regardless of DKIM.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Atkins
> Sent: Saturday, June 02, 2007 11:53 PM
> To: Untitled WG
> Subject: Re: MX dot RE: [ietf-dkim] TXT wildcards SSP issues
>
>
> On Jun 2, 2007, at 8:21 PM, Hallam-Baker, Phillip wrote:
>
> > Steve,
> >
> > Could you expand on this somewhat?
> >
> > We may be able to push the beastly wildcard issue into touch
> > altogether here.
>
> I suspect not, but it's worth a try.
>
> > What is the deployed base for MX . ?
>
> I've no idea. I have a zone file and some survey code, but
> haven't pointed it at that question yet - it may be time to
> take a look.
>
> > How widely is it recognized?
>
> Fairly widely, I suspect, by spam filters that look for a
> deliverable email address in the envelope from. All "MX ."
> does is provide an invalid MX record that's easily recognized
> as being intentional (similar to the .invalid pseudo-TLD in
> many respects).
>
> http://ietfreport.isoc.org/idref/draft-delany-nullmx/ is the
> (expired) draft
> that formalizes the concept, and it was somewhere between
> discussed and common knowledge for at least a couple of years
> before it was drafted in '05.
>
> > Used?
>
> Not as widely as I thought, apparently. I'm not sure.
>
> Cheers,
> Steve
>
>
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
>
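
An added example, not part of either message and not the survey code Steve mentions: one way a zone-file survey for "MX ." could be written. The zone data is constructed, the verdict labels ("mx-dot", "mixed", "mail", "no-mx") are this example's own, and it assumes every line carries its owner name.

```python
from collections import defaultdict

# Constructed sample zone data (not from the thread); all names are placeholders.
SAMPLE_ZONE = """\
; owner            ttl  class type pref exchange
example.org.       3600 IN    MX   10   mail.example.org.
parked.example.    3600 IN    MX   0    .
*.parked.example.       IN    MX   0    .
odd.example.       300        MX   0    .
odd.example.       300        MX   10   mx.odd.example.
www.example.org.   3600 IN    A    192.0.2.1
"""

def parse_mx(zone_text):
    """Return {owner: [(preference, exchange), ...]} for the MX lines."""
    rrsets = defaultdict(list)
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        upper = [f.upper() for f in fields]
        if "MX" not in upper[1:]:                  # TTL and class are optional
            continue
        i = upper.index("MX", 1)
        if len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue                               # not a well-formed MX line
        rrsets[fields[0].lower()].append((int(fields[i + 1]), fields[i + 2].lower()))
    return dict(rrsets)

def classify(mx_list):
    """Classify one owner's MX RRset by whether it is the intentional 'MX .'."""
    exchanges = {exchange for _, exchange in mx_list}
    if not exchanges:
        return "no-mx"
    if exchanges == {"."}:
        return "mx-dot"      # the only exchanger is the root: intentional null MX
    if "." in exchanges:
        return "mixed"       # "." beside a real exchanger: treated here as ambiguous
    return "mail"

def survey(zone_text):
    """Map every owner that has MX records to its verdict."""
    return {owner: classify(mx) for owner, mx in parse_mx(zone_text).items()}

if __name__ == "__main__":
    for owner, verdict in sorted(survey(SAMPLE_ZONE).items()):
        print(f"{owner:22} {verdict}")
```

The wildcard owner is reported as its own entry, which shows how far a single wildcarded MX-dot record reaches in the zone being surveyed.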