Hello,

On 07.05.2023 at 21:12, Gellner, Oliver via mailop wrote:

> While I’m not affiliated with Yahoo, I see no reason to bash them in this
> regard. To reduce spam they don’t want to accept emails from made-up /
> non-existing domains, which is a legit concern. They query for SOA records
> to verify whether a given domain exists, which is unusual but actually less
> strict than requiring additional A or MX records.

As others already said: an MX record should be sufficient for email delivery. An A/AAAA record is only OK if there is an SMTP server on that IP address. In most cases there isn't. For me, this SOA check is another thing that makes email more unusable. Spammers are bad, anti-spam sometimes makes it worse :-/

Other domains in the PSL (e.g. uberspace or DynDNS providers) also have users behind subdomains as far as I know. But I assume that they don't have much email traffic with those subdomains in the From part.

> Even without the help of Yahoo the issue can be fixed by removing
> in-berlin.de from the PSL or by not spanning a single DNS zone across
> unrelated domains which are in no trust relationship to each other.

I added our domains to the PSL several years ago, because the users that have subdomains below in-berlin.de don't have any relationship to each other. They have their websites (on our servers or their own servers) and there could be cookie issues across subdomains that we would like to avoid for security reasons.

Yes, we could solve this issue. We would need to create several hundred separate zones, one for every subdomain. That's possible and can be scripted, but all the provisioning in the backend needs to be adjusted to this new situation. Unfortunately this is not done in an evening, but perhaps faster than anything Yahoo can do.

Another option could be to simply fake the SOA record with Lua in PowerDNS. We are currently using BIND, but are planning to migrate to PowerDNS in the future. This might be another use case for PowerDNS.

I have created a separate zone testchris2.in-berlin.de for temporary testing. This subdomain now has a SOA record. Email delivery to Yahoo is working as expected for this subdomain.

Many thanks to all of you for your ideas and responses. It really helped me to get a step further. Now it would be great to hear anything directly from Yahoo (on this list or off-list). How is the SOA check implemented and why? I don't think that it really helps to fight against spam.

Thanks and kind regards

Chris
--
Individual Network Berlin e.V. : [email protected] : [email protected]
Tel +49-30-45494343 ::: Fax +49-30-45494344 ::: Web https://www.in-berlin.de/
IN-Berlin e.V. : Christian Seitz (1. Vors.) : Lehrter Str. 53 :: 10557 Berlin
Amtsgericht Charlottenburg 95 - VR 15669 Nz ::::::: USt.Ident-Nr. DE188894648
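
An added illustration, not part of the original message and not Yahoo's code: an offline model of why a PSL entry combined with a single shared zone fails an SOA existence check, and why removing the PSL entry or creating a separate zone passes. The receiver logic (look up the organizational domain via the PSL, then require an SOA answer for it) is an assumption; "exampleuser" and all zone data are constructed.

```python
# Added illustration; the receiver-side logic is an assumption, not Yahoo's code.
# Simplified PSL matching: exact rules only, no wildcard or exception rules.

def registrable_domain(name, psl):
    """Public suffix plus one label, or None if name is itself a suffix."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):              # first hit is the longest suffix
        if ".".join(labels[i:]) in psl:
            return ".".join(labels[i - 1:]) if i else None
    return ".".join(labels[-2:]) if len(labels) > 1 else None

def query_soa(name, zones):
    """Model an SOA query. zones maps zone apex -> owner names inside the zone.
    Returns (rcode, answer, authority) the way an authoritative server would."""
    apex = max((z for z in zones if name == z or name.endswith("." + z)),
               key=len, default=None)
    if apex is None:
        return ("NXDOMAIN", [], [])
    if name == apex:
        return ("NOERROR", [apex + " SOA"], [])
    # Not an apex: no SOA in the answer, enclosing zone's SOA in authority.
    rcode = "NOERROR" if name in zones[apex] else "NXDOMAIN"
    return (rcode, [], [apex + " SOA"])

def passes_soa_check(from_domain, psl, zones):
    """Assumed check: the organizational domain must answer an SOA query."""
    org = registrable_domain(from_domain, psl)
    if org is None:
        return False
    _, answer, _ = query_soa(org, zones)
    return bool(answer)

# Constructed data. "exampleuser" is a hypothetical customer subdomain.
PSL_WITH = {"de", "in-berlin.de"}
PSL_WITHOUT = {"de"}
SINGLE_ZONE = {"in-berlin.de": {"exampleuser.in-berlin.de"}}
SPLIT_ZONE = {"in-berlin.de": {"exampleuser.in-berlin.de"},
              "testchris2.in-berlin.de": set()}

if __name__ == "__main__":
    for dom, psl, zones in [("exampleuser.in-berlin.de", PSL_WITH, SINGLE_ZONE),
                            ("exampleuser.in-berlin.de", PSL_WITHOUT, SINGLE_ZONE),
                            ("testchris2.in-berlin.de", PSL_WITH, SPLIT_ZONE)]:
        print(dom, sorted(psl), passes_soa_check(dom, psl, zones))
```

Against live DNS the same distinction shows up in an SOA query for the subdomain: a name inside the shared zone returns an empty answer section with the parent's SOA in the authority section, while a zone apex returns its own SOA in the answer.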