On Mar 3, 2008, at 12:38 PM, John Levine wrote:

>> What is the functional or security reason for verifying that
>> the domain exists, in terms of ASP.
>
> The short answer is in 3.2, where there's a different answer for "I
> dunno" and "doesn't exist".
>
> As I recall, it's always been that way, but that's a good question.
>
> There's certainly plenty of reasons to be wary of mail with a return
> address that doesn't exist, but baking that into ASP does feel like
> mission creep, doesn't it?

If I recall the discussion correctly, it's that without that check then the absence of an ASP record was perceived to mean that the domain owner permitted mail to be sent with that hostname.

Adding the check for existence of some record for the hostname means that in order to deploy ASP the sender needs only provide a TXT record corresponding to every hostname in use, not every conceivable hostname (which is impossible to do in any useful manner with standard DNS servers).

As a concrete example, there is no ASP record for creditcard.billing.ebay.com, and without the domain existence check it would be difficult for ebay to assert ASP-style policy over all their domains.

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
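
The difference the existence check makes, as an added example that is not part of the original message or of any ASP implementation. The zone contents, the policy value "strict" and all function names are constructed assumptions; where the TXT record lives and its syntax are not modelled.

```python
from enum import Enum

class Result(Enum):
    NONEXISTENT = "domain does not exist"
    UNKNOWN = "exists, no policy published"
    POLICY = "policy published"

# Constructed zone: hostname -> record types present. Not real DNS data.
ZONE = {
    "ebay.com": {"MX", "A"},
    "billing.ebay.com": {"A"},
    "example.org": {"MX"},
}
# Constructed policy records, one per hostname in use (keyed by hostname here;
# the real TXT record location and syntax are not modelled).
POLICY = {"ebay.com": "strict", "billing.ebay.com": "strict"}

def normalize(name):
    return name.lower().rstrip(".")

def resolve(name):
    """Toy resolver: NXDOMAIN when the name has no records at all."""
    name = normalize(name)
    return ("NOERROR", ZONE[name]) if name in ZONE else ("NXDOMAIN", set())

def policy_lookup(domain):
    d = normalize(domain)
    return (Result.POLICY, POLICY[d]) if d in POLICY else (Result.UNKNOWN, None)

def check_without_existence(author_domain):
    """Policy lookup only: a missing record always reads as 'no policy'."""
    return policy_lookup(author_domain)

def check_with_existence(author_domain):
    """Existence check first, so "doesn't exist" differs from "I dunno"."""
    rcode, _ = resolve(author_domain)
    if rcode == "NXDOMAIN":
        return (Result.NONEXISTENT, None)
    return policy_lookup(author_domain)

def compare(domains):
    """Map each domain to its (without-check, with-check) classification."""
    return {d: (check_without_existence(d)[0], check_with_existence(d)[0])
            for d in domains}

if __name__ == "__main__":
    sample = ["billing.ebay.com", "creditcard.billing.ebay.com", "example.org"]
    for d, (old, new) in compare(sample).items():
        print(f"{d:30} without: {old.value:28} with: {new.value}")
```

Without the check, the never-created hostname is indistinguishable from a real domain that publishes no policy; with it, the owner only has to publish records for names that actually exist.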
