IETF Logo Mail Archive

Re: Last Call: draft-klensin-rfc2821bis

John C Klensin <john-ietf@jck.com> Thu, 20 March 2008 17:06 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietfarch-ietf-archive@core3.amsl.com
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B385928C701; Thu, 20 Mar 2008 10:06:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.653
X-Spam-Level:
X-Spam-Status: No, score=-100.653 tagged_above=-999 required=5 tests=[AWL=-0.216, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bu726EebibH1; Thu, 20 Mar 2008 10:06:52 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 41A3828C6B1; Thu, 20 Mar 2008 10:06:52 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E855528C667 for <ietf@core3.amsl.com>; Thu, 20 Mar 2008 10:06:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hmmTkcwrEpKE for <ietf@core3.amsl.com>; Thu, 20 Mar 2008 10:06:49 -0700 (PDT)
Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by core3.amsl.com (Postfix) with ESMTP id 4429028C6B1 for <ietf@ietf.org>; Thu, 20 Mar 2008 10:06:49 -0700 (PDT)
Received: from [127.0.0.1] (helo=p3.JCK.COM) by bs.jck.com with esmtp (Exim 4.34) id 1JcOBl-000IhF-DM; Thu, 20 Mar 2008 13:04:25 -0400
Date: Thu, 20 Mar 2008 13:04:23 -0400
From: John C Klensin <john-ietf@jck.com>
To: Douglas Otis <dotis@mail-abuse.org>, ietf list <ietf@ietf.org>
Subject: Re: Last Call: draft-klensin-rfc2821bis
Message-ID: <00FAD8D657788EE0AF286725@p3.JCK.COM>
In-Reply-To: <ECB5B617-410A-43E2-9594-437F03DB17A9@mail-abuse.org>
References: <20080227171826.98C293A6AFE@core3.amsl.com> <fq67g8$6mj$1@ger.gmane.org> <ECB5B617-410A-43E2-9594-437F03DB17A9@mail-abuse.org>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Disposition: inline
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Doug,

I'm sorry, but I can't understand what you are talking about.
That is at least in part because you are using vocabulary that
does not appear in 2821bis or other common IETF standardized
email technology.  You also seem to be making assumptions that
aren't part of the 2821 model (whether they are valid or not).

In 2821 and its predecessors, MX records and the associated
preferences were specified as the preferred mechanism for
finding the next-hop SMTP server.   There was also a special
case, originally part of a transition mechanism for RFC 974,
that, if no MX records were found for a particular name, one or
more A RRs would be located for the name and treated as if they
were the targets of an MX record with preference zero.

While various implementations have been more permissive over
time, the data field in an MX RR has always been expected to be
a DNS name that would, in turn, resolve to one or more A RRs.

That is the mechanism that has been used for Internet mail over
IPv4 for many years.  

Now, as far as I know, 2821bis makes only two changes in this
area.  The first is to be explicit about the expected data value
in MX records.  The second is to explicitly specify that names
with AAAA records are permitted as an alternative to names with
A records.  Without that change, which was anticipated in 2821
but not as explicit because of the state of development
experience at the time, it would be impossible to run SMTP over
IPv6 without local imaginative extensions of the standard.

It does not provide for an extension of the "if there are no MX
records, look for an A RR" model because the mailing list
concluded that the transition mechanism was not needed for IPv6
transition and because it would have required the standard to
specify preferential rules for A and AAAA records.   It seemed
much better to let those configuring mail systems to use the
existing MX preference mechanism to specify what treatment they
thought appropriate.

That is really all the material to which you refer does (or
changes).

Now, are you suggesting that:

(1) It is time to abandon the current Internet email fabric in
terms of, e.g., your "notify and retrieve" proposals?

(2) That we should not specify operation of SMTP over IPv6 but
either prohibit that or leave it to the imagination?

(3) That MX records are so useless that we should deprecate them
and embark on some other "discovery" mechanism rather than
updating 2821?

(4) Something else?

      john


--On Thursday, 20 March, 2008 09:33 -0700 Douglas Otis
<dotis@mail-abuse.org> wrote:

> While this response may be a bit late, the change in section
> 5.1   indicating SMTP server discovery now explicitly supports
> IPv6 address   records represents a significant change from
> RFC2821.
> 
> While a desire to retain current practices has some
> justification,   extending an already dubious and archaic
> practice to the explicit use   of IPv6 raises significant
> questions.
> 
> The level of misuse afflicted upon SMTP often results in an  
> exploration of DNS SMTP discovery records to determine whether
> a   purported domain might be valid in the forward direction.
> To remain   functional, reverse DNS checks are often avoided
> due to the poor level   of maintenance given this zone.  A
> move to deprecate A records for   discovery when performing
> these checks to ascertain domain validity   would favourably
> impact the level of undesired transactions.  To   combat
> rampant domain spoofing, some domains also publish various  
> types of SMTP related policy records.  To counter problems
> related to   wildcard policy records, a lack of policy may be
> conditioned upon   presences of possible SMTP discovery
> records.
> 
> Adding IPv6 to the list transactions needed to qualify SMTP
> domains   that is predominately triggered by geometrically
> growing levels of   abuse or misuse appears to be a remarkably
> poor choice.  To suggest a   domain might reply upon this
> mechanism again appears to be remarkably   poor advice.
> Reliance upon a communication system should not be  
> predicated upon such a questionable mechanisms.  During the
> next   disaster, would you want FEMA to not use MX records or
> to depend upon   IPv6 address records?  Not including IPv6 as
> a discovery record would   better protect networks in the face
> of growing misuse of SMTP while   also better ensuring the
> integrity of SMTP.
> 
> -Doug
> _______________________________________________
> IETF mailing list
> IETF@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf




_______________________________________________
IETF mailing list
IETF@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email