idnits 2.17.1 draft-ietf-appsawg-nullmx-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 27, 2014) is 3588 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Levine 3 Internet-Draft Taughannock Networks 4 Intended status: Standards Track M. Delany 5 Expires: December 29, 2014 Apple Inc. 6 June 27, 2014 8 A NULL MX Resource Record for Domains that Accept No Mail 9 draft-ietf-appsawg-nullmx-05 11 Abstract 13 Internet mail determines the address of a receiving server through 14 the DNS, first by looking for an MX record and then by looking for an 15 A/AAAA record as a fallback. Unfortunately this means that the A/ 16 AAAA record is taken to be mail server address even when that address 17 does not accept mail. The NULL MX RR formalizes the existing 18 mechanism by which a domain announces that it accepts no mail, which 19 permits significant operational efficiencies. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on December 29, 2014. 38 Copyright Notice 40 Copyright (c) 2014 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 3. The NULL MX Resource Record . . . . . . . . . . . . . . . . . 3 57 4. Effects of NULL MX . . . . . . . . . . . . . . . . . . . . . 3 58 4.1. SMTP Server Benefits . . . . . . . . . . . . . . . . . . 3 59 4.2. Dealing with undeliverable and abusive mail . . . . . . . 3 60 4.3. Domains that Do Not Send Mail . . . . . . . . . . . . . . 4 61 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 62 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 63 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 7.1. Normative References . . . . . . . . . . . . . . . . . . 4 65 7.2. Informative References . . . . . . . . . . . . . . . . . 5 66 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 5 67 A.1. Change to appsawg-nullmx-05 . . . . . . . . . . . . . . . 5 68 A.2. Change to appsawg-nullmx-04 . . . . . . . . . . . . . . . 5 69 A.3. Change to appsawg-nullmx-03 . . . . . . . . . . . . . . . 5 70 A.4. Change to appsawg-nullmx-02 . . . . . . . . . . . . . . . 5 71 A.5. Change to appsawg-nullmx-1 . . . . . . . . . . . . . . . 5 72 A.6. Change to appsawg-nullmx-0 . . . . . . . . . . . . . . . 6 73 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 75 1. Conventions Used in This Document 77 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 78 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 79 document are to be interpreted as described in [RFC2119]. 81 2. Introduction 83 This document formally defines the "NULL MX" as a simple mechanism by 84 which a domain can indicate that it does not accept email. 86 SMTP clients have a prescribed sequence for identifying a server that 87 accepts email for a domain. Section 5 of [RFC5321] covers this in 88 detail, but in essence the SMTP client first looks up a DNS MX RR and 89 if that is not found it falls back to looking up a DNS A or AAAA RR. 90 Hence this overloads an email service semantic onto a DNS record with 91 a different primary mission. 93 If a domain has no MX records, senders will attempt to deliver mail 94 to the hosts at the domain's A or AAAA record's addresses. If there 95 is no SMTP listener at the A/AAAA address, message delivery will be 96 attempted repeatedly for a long period, typically a week, before the 97 sending MTA gives up. This will delay notification to the sender in 98 the case of misdirected mail, and will consume resources at the 99 sender. 101 This document defines a NULL MX that will cause all mail delivery 102 attempts to a domain to fail immediately, without requiring domains 103 to create SMTP listeners dedicated to preventing delivery attempts. 105 3. The NULL MX Resource Record 107 To indicate that a domain does not accept email, it advertises a 108 single MX RR (see [RFC1035], section 3.3.9) with an RDATA section 109 consisting of preference number 0, and a dot, i.e., the DNS root, as 110 the exchange domain, to denote that there exists no mail exchanger 111 for a domain. The DNS root is not a valid host name, so a NULL MX 112 record can not be confused with an ordinary MX record. 114 A domain MUST NOT advertise multiple MX RRs including a NULL MX. 116 4. Effects of NULL MX 118 The NULL MX record has a variety of efficiency and usability 119 benefits. 121 4.1. SMTP Server Benefits 123 The ability to detect domains that do not accept email offers many 124 resource savings to an SMTP client. It will discover on the first 125 sending attempt that an address is not deliverable, avoiding queuing 126 and retries. 128 A receiving SMTP server that chooses to reject email during the SMTP 129 conversation that presents an undeliverable RFC5321.MailFrom or 130 RFC5322.From domain (see [RFC5598] for the definitions of these 131 terms) can be more confident that an attempt to send a Delivery 132 Status Notification or other response will reach a recipient SMTP 133 server. 135 4.2. Dealing with undeliverable and abusive mail 137 Mail often has an incorrect address due to user error, where the 138 address was mistranscribed or misunderstood, for example, to 139 alice@www.example.com or alice@example.org or alice@examp1e.com 140 rather than alice@example.com. NULL MX allows a mail system to 141 report the delivery failure when the user sends the message, rather 142 than hours or days later. 144 Senders of abusive mail often use forged undeliverable return 145 addresses. NULL MX allows DSNs and other attempted responses to such 146 mail to be disposed of efficiently. 148 4.3. Domains that Do Not Send Mail 150 The operator of an SMTP server might prefer to reject mail with a 151 RFC5321.MailFrom or RFC5322.From domain that publishes NULL MX, since 152 a non-delivery notice or response will not be accepted, and 153 legitimate mail rarely comes from domains that do not accept replies. 155 SMTP servers that reject mail because a MAIL FROM domain has a NULL 156 MX record SHOULD use a 550 reply code and a 5.1.2 enhanced status 157 code [RFC3463]. 159 A domain that does not accept mail, as declared by NULL MX, often 160 will also not send mail. Operators can publish SPF -all[RFC7208] 161 policies to make an explicit declaration that domains send no mail. 163 5. Security Considerations 165 SMTP mail is inherently insecure since it does not validate any of 166 the e-mail addresses in the message or envelope. This specification 167 is about eliminating one small section of SMTP insecurity. 169 In the unlikely event that a domain legitimately sends email but does 170 not want to receive email, SMTP servers that reject mail from domains 171 that advertise a NULL MX risk losing email from those domains. The 172 normal way to send mail for which a sender wants no responses remains 173 unchanged, by using an empty RFC5321.MailFrom address. 175 Within the DNS, a NULL MX RR is an ordinary MX record and presents no 176 new security issues. If desired, it can be secured in the same 177 manner as any other DNS record using DNSSEC. 179 6. IANA Considerations 181 This document makes no requests of IANA. 183 7. References 185 7.1. Normative References 187 [RFC1035] Mockapetris, P., "Domain names - implementation and 188 specification", STD 13, RFC 1035, November 1987. 190 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 191 Requirement Levels", BCP 14, RFC 2119, March 1997. 193 [RFC3463] Vaudreuil, G., "Enhanced Mail System Status Codes", RFC 194 3463, January 2003. 196 [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, 197 October 2008. 199 7.2. Informative References 201 [RFC5598] Crocker, D., "Internet Mail Architecture", RFC 5598, July 202 2009. 204 [RFC7208] Kitterman, S., "Sender Policy Framework (SPF) for 205 Authorizing Use of Domains in Email, Version 1", RFC 7208, 206 April 2014. 208 Appendix A. Change Log 210 *NOTE TO RFC EDITOR: This section may be removed upon publication of 211 this document as an RFC.* 213 A.1. Change to appsawg-nullmx-05 215 Fix ID nits, add NULL IANA section. More editorial cleanup. 217 A.2. Change to appsawg-nullmx-04 219 Reorganize. 221 A.3. Change to appsawg-nullmx-03 223 Editorial nits per Murray. 225 A.4. Change to appsawg-nullmx-02 227 Should not publish NULL MX with other MX. 229 Never say never. 231 Add 5.1.2 enhanced status code. 233 Minor editorial changes. 235 A.5. Change to appsawg-nullmx-1 237 Editorial improvements per D. Crocker's review. 239 A.6. Change to appsawg-nullmx-0 241 Fix typos. 243 Authors' Addresses 245 John Levine 246 Taughannock Networks 247 PO Box 727 248 Trumansburg, NY 14886 250 Phone: +1 831 480 2300 251 Email: standards@taugh.com 252 URI: http://jl.ly 254 Mark Delany 255 Apple Inc. 256 1 Infinite Loop 257 Cupertino, CA 95014 259 Email: mx0dot@yahoo.com