IETF Logo Mail Archive

Re: [apps-discuss] Last Call: <draft-ietf-appsawg-nullmx-05.txt> (A NULL MX Resource Record for Domains that Accept No Mail) to Proposed Standard

Hector Santos <hsantos@isdg.net> Sun, 03 August 2014 16:49 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 347231A0AE8 for <apps-discuss@ietfa.amsl.com>; Sun, 3 Aug 2014 09:49:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.001
X-Spam-Level:
X-Spam-Status: No, score=-102.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4uCwHvk7mD6Y for <apps-discuss@ietfa.amsl.com>; Sun, 3 Aug 2014 09:49:40 -0700 (PDT)
Received: from groups.winserver.com (news.winserver.com [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id 913911A0AE7 for <apps-discuss@ietf.org>; Sun, 3 Aug 2014 09:49:40 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=3434; t=1407084577; h=Received:Received: Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=/9t+c4b8P/REgKpHXvkl+u00Bqg=; b=Z0AzEL5mWJpoSlRDEggP bofOmFfrCgFJpmnNVzH6hZmLzeeOsLkKyHVNfYZ3ACew4xen/ZlsxK92WclHxixd ngtocWK3Veta0fp+QqJGjarzTvDFtpx7N3faMlcHrSTAKEJZimf5r4d2fLKTSa2/ 4vshUqWLkE4UP5uGQzZTSt0=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for apps-discuss@ietf.org; Sun, 03 Aug 2014 12:49:37 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com (hector.wildcatblog.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 2269679483.6846.3088; Sun, 03 Aug 2014 12:49:36 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=3434; t=1407084313; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=72J1CX+ ZTAk7vNHc5ifPiZfJC8wO2/FxWH5biqARv0c=; b=aVqYDkm9r27q9qfOgQTnp8v AKSzl8IhbR2gM6fMXmWgWKXNMediXMZZ4Qn1bxmWVmUn4M3yhvmTj41E5ykG0+cq kLUFIFNIw/dZym6AyR5Eay16JRbFNesKAas4dwwLSmVdQUTmN+Hs8HdcuR18kxOk VSjQzvZ37QPOeRubNIcM=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for apps-discuss@ietf.org; Sun, 03 Aug 2014 12:45:13 -0400
Received: from [192.168.1.2] ([99.121.4.27]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 862160593.9.4852; Sun, 03 Aug 2014 12:45:12 -0400
Message-ID: <53DE681C.4080607@isdg.net>
Date: Sun, 03 Aug 2014 12:49:32 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: dcrocker@bbiw.net, apps-discuss@ietf.org
References: <20140718160344.52645.qmail@joyce.lan> <53DCEB4E.3040304@dcrocker.net>
In-Reply-To: <53DCEB4E.3040304@dcrocker.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/8N5fbRsUs0eu69PRvvgZGCS0wjc
Cc: ned.freed@mrochek.com
Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-nullmx-05.txt> (A NULL MX Resource Record for Domains that Accept No Mail) to Proposed Standard
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Aug 2014 16:49:45 -0000

On 8/2/2014 9:44 AM, Dave Crocker wrote:
> On 7/18/2014 9:03 AM, John Levine wrote:
>>>> I don't recall reading this in the document. It's a good point. IM personal
>>>> O it's more important than either 4.1, 4.2 and 4.3. Add it, please.
>>>
>>> I agree with Arnt here. Not having a code for this is an obvious omission,
>>> and this is chance to address it.
>>
>> Please send text, or at least a three part number.
>
>
> Shepherd hat:
>
>     I haven't seen any follow-up to John's request, although support for
> adding an extended code looks pretty solid.
>
>     It really would help for someone who is strongly in favor of adding
> the code to write up the necessary text, to be added to the draft.
>


Currently, SMTP (RFC5321) current recommends 550 or 553.  Reasons 
explained below, but 554 may be the better match based on documented 
specs.  First some background ........

There has always been a long time resistance (for good reason) towards 
SMTP-based CBV "Call Back Verifiers" methods where a small footprint 
SMTP client is used to verify the validity of the 5321.Mail From 
address a.k.a Return Path or reverse-path at the SMTP transaction level.

The NULL MX can be used as short circuiting method to minimize the CBV 
overhead where it is used. Currently, the CBV is one the highest 
payoff for fraud detection and can be found to be used abeit at the 
smaller scale despite the obvious IETF concerns about it.

Our CBV currently uses a straight forward 550 rejection when the 
return path can not be validated.   Based on 11 years of CBV usage, 
IMO, what would be more important to convey is *WHEN* the NULL MX can 
be performed; at the MAIL FROM state or the RCPT TO state.

Each receiver site has a different rate of 55x user rejections at the 
RCPT TO level.

For our site, since 2003, it can be a consistently high 50-60%.  This 
translates to the 50-60% reduction in DNS MX lookup overhead when any 
DNS-based check can be delayed from MAIL FROM to RCPT TO, and that 
includes the SPF check where this optimization need was first discovered.

However, this idea of delaying the return path check until the 
forwarding address is known was discussed in RFC5321 section 3.3:

    3.3.  Mail Transactions

                                                    Despite the apparent
    scope of this requirement, there are circumstances in which the
    acceptability of the reverse-path may not be determined until one or
    more forward-paths (in RCPT commands) can be examined.  In those
    cases, the server MAY reasonably accept the reverse-path (with a 250
    reply) and then report problems after the forward-paths are received
    and examined.  Normally, failures produce 550 or 553 replies.

In short, this is the closest thing we have to an IETF "sanctioned" 
logistic for checking reverse-path with a recommended response code.

However, according to SMTP, probably 554 is a closer match for a NULL 
MX reason:

SMTP (RFC5321) has the following example definitions for the three codes:

    550  Requested action not taken: mailbox unavailable (e.g., mailbox
         not found, no access, or command rejected for policy reasons)

    553  Requested action not taken: mailbox name not allowed (e.g.,
         mailbox syntax incorrect)

    554  Transaction failed (Or, in the case of a connection-opening
         response, "No SMTP service here")

So probably 554 would be the proper code for a a "No SMTP Service 
Here" NULL MX check operation.


-- 
HLS

v2.23.0 | Report a Bug | By Email