This is a discussion on Re: bogusmx [Was: DNS restrictions for a mail server] - SpamAssassin ; Hi Michael, At 08:58 23-10-2008, Michael Scheidell wrote: >Why? Its being widely used by 'email experts' and hosted email anti-spam >companies now. The section of the SMTP standard that discusses about MX records is commonly misinterpreted by some people. Even ...
At 08:58 23-10-2008, Michael Scheidell wrote:
>Why? Its being widely used by 'email experts' and hosted email anti-spam
The section of the SMTP standard that discusses about MX records is
commonly misinterpreted by some people. Even if CNAMEs are widely
used, that doesn't mean that it is correct. A lot of things works
99% of the time.
Quoting RFC 2182 which explains the matter:
"Searching for either NS or MX records causes "additional section
processing" in which address records associated with the value of the
record sought are appended to the answer. This helps avoid needless
extra queries that are easily anticipated when the first was made.
Additional section processing does not include CNAME records, let
alone the address records that may be associated with the canonical
name derived from the alias. Thus, if an alias is used as the value
of an NS or MX record, no address will be returned with the NS or MX
value. This can cause extra queries, and extra network burden, on
every query. It is trivial for the DNS administrator to avoid this
by resolving the alias and placing the canonical name directly in the
affected record just once when it is updated or installed. In some
particular hard cases the lack of the additional section address
records in the results of a NS lookup can cause the request to fail."
The SMTP standard discusses how to locate a target host and points to
the above section to explain the prohibition of CNAMEs. A strict
reading of the section about locating a target host shows that the
behavior is undefined when CNAMEs are used. This means that you
might end up with unexpected results. One can go back to the
standard about mail routing to understand how mail preferences are
processed to determine where a message should be delivered. That
influenced the decision on discouraging CNAMEs in the data section of MX RRs.
My comment is not about bogusmx or antispam; it's about how to
determine in a reliable way where to deliver a message.