Re: Last Call: draft-klensin-rfc2821bis

While this response may be a bit late, the change in section 5.1  
indicating SMTP server discovery now explicitly supports IPv6 address  
records represents a significant change from RFC2821.

While a desire to retain current practices has some justification,  
extending an already dubious and archaic practice to the explicit use  
of IPv6 raises significant questions.

The level of misuse afflicted upon SMTP often results in an  
exploration of DNS SMTP discovery records to determine whether a  
purported domain might be valid in the forward direction.  To remain  
functional, reverse DNS checks are often avoided due to the poor level  
of maintenance given this zone.  A move to deprecate A records for  
discovery when performing these checks to ascertain domain validity  
would favourably impact the level of undesired transactions.  To  
combat rampant domain spoofing, some domains also publish various  
types of SMTP related policy records.  To counter problems related to  
wildcard policy records, a lack of policy may be conditioned upon  
presences of possible SMTP discovery records.

Adding IPv6 to the list transactions needed to qualify SMTP domains  
that is predominately triggered by geometrically growing levels of  
abuse or misuse appears to be a remarkably poor choice.  To suggest a  
domain might reply upon this mechanism again appears to be remarkably  
poor advice.  Reliance upon a communication system should not be  
predicated upon such a questionable mechanisms.  During the next  
disaster, would you want FEMA to not use MX records or to depend upon  
IPv6 address records?  Not including IPv6 as a discovery record would  
better protect networks in the face of growing misuse of SMTP while  
also better ensuring the integrity of SMTP.

-Doug
_______________________________________________
IETF mailing list
IETF@ietf.org
https://www.ietf.org/mailman/listinfo/ietf