The MX/A/AAAA test is an appropriate tool for verifying the probable
existence of a return-path based on the RFC5321.MailFrom address. In the
early days, the requirement to send and receive non-delivery reports meant
that all mail systems had to participate bi-directionally. This is no
longer the case. Non-delivery reports are officially discouraged, and many
messages announce that the return-path is unusable with a NoReply username.
For testing RFC5321.MailFrom, SPF is now a necessary part of the
calculation, so its absence from the proposed test is baffling.
Additionally, use of MX/A/AAAA as a substitute for a missing SPF policy is
now discouraged in some circles.

The A/AAAA portion of the test reflects a necessary transition process to
MX, but that process should be complete for any domain with enough
sophistication to publish DMARC policies. As defined in RFC 5321, the
A/AAAA test does not even require that the A/AAAA record be a domain-level
name. We know that there are many more A/AAAA records than mail systems, so
we can be certain that the test will produce false positives.

Equally important, the RFC5322.From address has no necessary connection to
an actual mail server, since the From address can be used exclusively for
messages sent by an EMail Service Provider (ESP) using the ESP's identity
for the RFC5321.MailFrom address. Consequently, the relevance of the
MX/A/AAAA test for distinguishing between SP and NP is lacking.

In sum, the test will produce both false positives and false negatives,
making its value doubtful, and it has at best a tenuous connection to the
way that RFC5322.From addresses are actually used.
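The false-positive and false-negative cases argued in the message above, as an added illustration that is not part of the original post. The zone contents, the names under example.com and the "used in From" ground truth are all constructed, and mapping a failed test to NP (a passed one to SP) is an assumption about how the proposed test would be applied.

```python
# Constructed zone data, not real DNS. None means the name does not exist.
ZONE = {
    "example.com": {"MX": ["10 mx1.example.com."], "TXT": ["v=spf1 mx -all"]},
    "www.example.com": {"A": ["192.0.2.80"]},   # web server, no mail role
    "news.example.com": {},                      # From-only name used via an ESP
    "typo.example.com": None,                    # never used anywhere
}
# Constructed ground truth: names the domain owner really uses in RFC5322.From.
USED_IN_FROM = {"example.com", "news.example.com"}


def lookup(name, rtype):
    """Return the records of one type for a name, or [] if none."""
    rrsets = ZONE.get(name.rstrip(".").lower())
    return list(rrsets.get(rtype, [])) if rrsets else []


def passes_mx_a_aaaa(name):
    """The test under discussion: any MX, A or AAAA record at the name."""
    return any(lookup(name, t) for t in ("MX", "A", "AAAA"))


def has_spf(name):
    """True if the name publishes an SPF policy in a TXT record."""
    return any(txt.lower().startswith("v=spf1") for txt in lookup(name, "TXT"))


def evaluate(name):
    """Compare the test's answer with the constructed ground truth."""
    exists = passes_mx_a_aaaa(name)
    used = name in USED_IN_FROM
    if exists and not used:
        verdict = "false positive"
    elif used and not exists:
        verdict = "false negative"
    else:
        verdict = "correct"
    # Assumption: a name that fails the test is handled under NP, otherwise SP.
    return {"name": name, "policy": "sp" if exists else "np",
            "spf": has_spf(name), "verdict": verdict}


if __name__ == "__main__":
    for n in ZONE:
        print(evaluate(n))
```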