North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [policy] When Tech Meets Policy...

  • From: Douglas Otis
  • Date: Tue Aug 14 18:26:55 2007



On Aug 14, 2007, at 9:29 AM, Al Iverson wrote:


On 8/14/07, Tim Franklin <[email protected]> wrote:

On Tue, August 14, 2007 1:48 am, Douglas Otis wrote:


For domains to play any role in securing email, a published MX record should become a necessary acceptance requirement. Using MX records also consolidates policy locales which mitigates some DDoS concerns.

What if there's no intention to use the domain for email?


I've become annoyed enough in the other direction, owning domains *only* used for email and dealing with irate people insisting I'm domain-squatting and must sell them the domain cheaply right now because there's no A record for www.what.ever.

I'm annoyed enough in the original direction. I, like many thousands of people, have some domains that I don't use for email, so they don't have an MX record. How do you enforce this new requirement? Who chases it down? How does it stop domain tasting? If this is ultimately to stop domain tasting abuse, why not instead stop domain tasting? It seems like this simply add rules that somebody has to figure out to who enforce, and I'm not exactly inspired to think that it'll be enforced regularly or properly.

All registrations MUST incur a nominal charge applied uniformly. Remove the option permitting domain registration at little or no cost. End of problem.


This seems like creating a requirement that people must implement mosquito nets to solve the mosquito problem, instead of focusing on removing the mosquitos.

This comment was added as a follow-on note. Sorry for not being clear.


Accepting messages from a domain lacking MX records might be risky due to the high rate of domain turnovers. Within a few weeks, more than the number of existing domains will have been added and deleted by then. Spammers take advantage of this flux. Unfortunately SMTP server discovery via A records is permitted and should be deprecated. Once MX records are adopted as an _acceptance_ requisite, domains not intended to receive or send email would be clearly denoted by the absence of MX records. SMTP policy published adjacent to MX records also eliminates a need for email policy "discovery" as well. Another looming problem.

Don't accept a message from a domain without MX records. When there is no policy record adjacent to the MX record, there is no policy, and don't go looking.

-Doug