Re: [mailop] Fallback to A/AAAA?

Sat, 01 Feb 2025 00:26:31 -0800 

On 2025-01-31 09:13:24 (+0800), Viktor Dukhovni via mailop wrote:
On Fri, Jan 31, 2025 at 12:41:58AM +0000, Matt Palmer via mailop wrote:
On Thu, Jan 30, 2025 at 02:03:51PM +0100, Matus UHLAR - fantomas via mailop wrote:
Nowadays, we can mark domains that don't send mail using Null MX (rfc 7505). 

The title of RFC7505 is "A "Null MX" No Service Resource Record for
Domains That ***Accept No Mail***" (emphasis added).  Assuming that a

domain that contains a null MX record will not send mail seems doomed 
to

false positives.


Domains that do not *send* mail can indicate that with an all-deny 
SPF

record.



I'm afraid that sending email from a NullMX domain that does not 
accept

any bounces, replies, postmaster queries, ... is a lost cause.  Plenty
of systems will reject attemtps to send mail from such a domain, mine
included, and I, for one, have not intention of changing that.



One additional observation to note here: some places also reject mail 
from individual hosts that have a nullMX record, even if the domain has 
no nullMX record.



E.g. an installation with separate servers for inbound and outbound 
email.  The outbound server has proper FcrDNS and follows all other best 
practices.  If the outbound server has a nullMX record, some sites will 
block it.


example.net. MX 10 mail-in.example.net.
mail-in.example.net. A 192.0.2.25
mail-in.example.net. AAAA 2001:db8::25
example.net. TXT "v=spf1 ip4:192.0.2.26 ip6:2001:db8::26 ~all"
mail-out.example.net. A 192.0.2.26
mail-out.example.net. AAAA 2001:db8::26
mail-out.example.net. MX 0 .


Even if the mail-in.example.net is happy to accept bounces, replies, 
postmaster queries etc.  And mail-out.example.net never appears in an 
envelope or anywhere else that would solicit email: some sites will 
block mail from mail-out.example.net.



If you want to be able to send mail, don't say you're not receiving 
mail. :)  It's also a good idea to make sure your mail-out.example.net 
listens on port 25 ... some very naive places try to connect and get 
cranky if they can't open a socket.



I discovered this in a setup that templates "MX 0 ." on every host that 
is not expected to receive mail.


Philip
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop























					Reply via email to