Re: [apps-discuss] Review of: draft-ietf-appsawg-nullmx-00

[Dave Crocker <dhc@dcrocker.net>]

On 2/21/2014 10:43 AM, Murray S. Kucherawy wrote:
> On Fri, Feb 21, 2014 at 6:44 AM, Dave Crocker <dhc@dcrocker.net
> <mailto:dhc@dcrocker.net>> wrote:
>
>     Except that 'authorized' is the essential point, to distinguish between
>     legitimate uses and spoofing, etc. uses.  The word 'legitimate' doesn't
>     work well here. So 'authorized' seems the next closes.
>
>     There are three essential problems with the original wording. The first
>     is that domains don't 'send' mail. Also the word 'send' is frankly
>     ambiguous in its own right here. And lastly is that the stricture needs
>     to cover keep the domain name out of a number of different fields.
>
>
> My problem is that "SHOULD NOT be authorized for use" is a concept that
> exists entirely inside the ADMD creating the content; it points to
> something that's not subject to interoperability.  "SHOULD NOT be used",
> by contrast, is something that a receiver can evaluate.

We've all locked into some interesting linguistic challenges, though 
they seem to be getting cast in terms of a kind of email protocol challenge.

To start:  I'm not trying to change any existing email standards and 
don't think the current topic will do that.,

Rather, I'm trying to do two other things.  One is to distinguish 
between activities authorized by the domain owner, versus those outside 
of the owner's control.  And then to suggest proscription of what the 
domain owner authorizes for use.

Simply put:  If one publishes a NULL MX for the name, one shouldn't use 
that domain for an email address anywhere.  (Tony's language was good 
for that I think.)  And I've no idea whether should or must should be 
used -- and don't much care.

But the linguistic wrinkle is that those nasty spoofers are sitting out 
there, getting in the way of generic language like "should not be used".

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net