On 27/Aug/11 16:55, John Levine wrote:
>>> any way to tell the difference. If it mattered, I'd suggest adding
>>> a tag in the record saying which sort of name the record applies
>>> to, with multiple records if need be.
>>
>> +1, how about Discovery-Origin?
>
> Seems a bit prolix when the other tags are r= and ru= but whatever

Oops, sorry John, I don't know why I was thinking of feedback fields.

>>> Sec 9, security, the obvious problem is that a malicious sender can
>>> publish "rp=o [email protected]" and indirectly mailbomb people.
>>
>> Should that be equivalent to a redirection?
>
> No, it might be real and it might not be. The point is that for this
> not to be a DDoS vector, there needs to be some way to validate the
> address before sending it reports.

Perhaps, storing that in the DNS provides for easier verification than,
say, an HTTP query. If example.org outsources report handling to
example.com, the latter could publish a confirmation as

   example.org._report.example.com. CNAME _report.example.com.
   _report.example.com. TXT "rp=o [email protected]"

or

   example.org._report.example.com. TXT "[email protected]"
   ; rp= retained from original record, or default.

or

   example.org._report.example.com. CNAME _report.example.org.

This way, a generator can confirm the external domain and fetch any
relevant detail using a single extra query. In the latter example, the
service accepts whatever settings its customer may define, but it can
always revert to one of the former cases; that is, the real handler is
in control of the target email address.

Just an idea
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
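Added example, not part of the original message or of any MARF draft: a sketch of the generator-side check proposed above, where reports go to an external handler only if that handler publishes a confirmation at `<origin>._report.<handler>`. The in-memory `ZONE`, the function names, every address, and the simplification that the TXT value is just the target address are assumptions made for illustration.

```python
# Constructed zone data modelling the three variants in the message.
# All names and addresses are made-up samples, not real records.
ZONE = {
    # Variant 1: handler aliases the customer name to its shared record.
    ("example.org._report.example.com.", "CNAME"): "_report.example.com.",
    ("_report.example.com.", "TXT"): "reports@example.com",
    # Variant 2: handler publishes a per-customer target address.
    ("example.net._report.example.com.", "TXT"): "net-reports@example.com",
    # Variant 3: handler defers to whatever its customer publishes.
    ("example.edu._report.example.com.", "CNAME"): "_report.example.edu.",
    ("_report.example.edu.", "TXT"): "abuse@example.com",
}


def lookup_txt(name, zone, max_hops=4):
    """Return the TXT value at name, following CNAMEs; None if absent."""
    for _ in range(max_hops):
        if (name, "TXT") in zone:
            return zone[(name, "TXT")]
        name = zone.get((name, "CNAME"))
        if name is None:
            return None  # nothing published: no confirmation
    return None  # CNAME chain too long or looping


def confirmed_report_address(origin, claimed_addr, zone):
    """Address to send reports to for an external handler, or None.

    origin is the domain whose record named claimed_addr. The handler's
    confirmation record, not the sender's claim, decides the final address.
    """
    local, _, handler = claimed_addr.rpartition("@")
    if not local or not handler:
        return None  # malformed address in the sender's record
    origin = origin.lower().rstrip(".")
    handler = handler.lower().rstrip(".")
    # The single extra query: <origin>._report.<handler>.
    return lookup_txt(f"{origin}._report.{handler}.", zone)


if __name__ == "__main__":
    for origin, claimed in [("example.org", "reports@example.com"),
                            ("attacker.example", "victim@example.com")]:
        print(origin, "->", confirmed_report_address(origin, claimed, ZONE))
```

A domain that merely names someone else's mailbox gets `None`, so the generator sends nothing and the mailbomb path described in the quoted Sec 9 comment is closed.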
