Hector Santos:
> Overall, although I do have many comments about the SSP draft, there is
> really just 1 thing that sticks out.
>
> Section 4.4, item 3:
>
> 3. The Verifier MUST query DNS for an MX record corresponding to
> the Originator Domain (with no prefix). This query is made only
> to check the existence of the domain name and MAY be done in
> parallel with the query made in step 2. If the result of this
> query is an NXDOMAIN error, the message is Suspicious and the
> algorithm terminates.
>
> NON-NORMATIVE DISCUSSION: Any resource record type could be
> used for this query since the existence of a resource record
> of any type will prevent an NXDOMAIN error. The choice of MX
> for this purpose is because this record type is thought to be
> the most common for likely domains, and will therefore result
> in a result which can be more readily cached than a negative
> result.
>
> This just seems out of place for DKIM/SSP. The SMTP reality is that
> an MX may not be available and most production SMTP software will have
> logic or options for a specific NO MX rule:
>
> NO MX -> 1 or more A record lookup send mail attempts.

Hector,

As the text states, the above test does not require that the MX
record exists. It just requires that *something* exists. As long
as something exists, the result of MX lookup will be "no data" or
an MX record, but it won't be NXDOMAIN.

Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
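
The distinction drawn in the reply above, NXDOMAIN versus a "no data" or MX answer, shown as an added example that is not part of the original messages or of the SSP draft. It parses the header and answer section of DNS replies to an MX query and applies the quoted step 3; the function names, the `example.org` packets (constructed here, not captured traffic) and the "unspecified" result for other error codes are assumptions.

```python
import struct

RCODE_NOERROR, RCODE_NXDOMAIN, TYPE_MX = 0, 3, 15

def build_response(rcode, mx_count):
    """Build a constructed DNS reply to an MX query for example.org."""
    flags = 0x8180 | rcode                      # QR, RD, RA set; RCODE in low 4 bits
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, mx_count, 0, 0)
    msg += b"\x07example\x03org\x00" + struct.pack("!HH", TYPE_MX, 1)
    rdata = struct.pack("!H", 10) + b"\x04mail\xc0\x0c"   # pref 10, mail.example.org
    for _ in range(mx_count):
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_MX, 1, 300, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:             # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def classify_mx_response(msg):
    """Tell NXDOMAIN, 'no data' and a real MX answer apart."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "NXDOMAIN"                       # the name itself does not exist
    if rcode != RCODE_NOERROR:
        return "ERROR"                          # e.g. SERVFAIL
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_MX:
            return "MX"
        off += 10 + rdlen
    return "NODATA"                             # name exists, but has no MX record

def step3_verdict(msg):
    """Step 3 as quoted: only NXDOMAIN marks the message Suspicious."""
    kind = classify_mx_response(msg)
    if kind == "ERROR":
        return "unspecified"                    # assumption: quoted text is silent here
    return "Suspicious" if kind == "NXDOMAIN" else "continue"
```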