DNS passthrough on no explicit result?

[John Miller]

On Fri, Jan 31, 2014 at 12:41 PM, Vernon Schryver <vjs at rhyolite.com> wrote:

> >                                         You have records which absolutely
> > need to be public: SPF, MXs--mail won't work otherwise.
>
> I hope I misunderstood the intended meaning or context of those words,
> because their literal, context free meaning that SPF and MX records
> are required by SMTP is wrong.
>
> SPF might be considered required by unsolicited or semi-solicited
> bulk mail senders to help large scale "free" mailbox providers gauge
> the legitimacy of mail advertisements.  Otherwise SPF is *not*
> required.  As proof consider both this message and the DCC mailing
> lists (i.e. old school solicited bulk mail.)  In some cases SPF
> harms SMTP delivery, especially when combined with DMARC.
>
> Because I'm in neither the email advertising business nor the large
> scale "free" mailbox businesses, the only unambiguous use I've found
> for SPF records is to try to prevent mail.  I publish SPF RRs for some
> domains that send no mail in order to reduce NDRs or "bounces" of
> forged mail from bad SMTP servers (mail receivers) that fail to validate
> SMTP Rcpt_To values during the SMTP transaction.
>
>
> The case for MX records being required for SMTP is clear.  In the
> absense of an explicit MX record, the standards require SMTP clients
> (mail senders) to infer an implicit MX from derived A or AAAA records.
>
>
> Vernon Schryver    vjs at rhyolite.com
>


Indeed, the intent of my words was that SPF only makes sense if it's
public--presumably you set up trust between your internal mail servers in
other ways.  It's not required for SMTP to work--plenty of domains don't
use it.

Thank you for the correction, Vernon.

John

-- 
John Miller
Systems Engineer
Brandeis University
johnmill at brandeis.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140131/6211090d/attachment.html>