On Tue, Dec 21, 2021 at 4:31 AM Scott Kitterman <skl...@kitterman.com> wrote:
> I don't remember exactly why we settled on A/AAAA/MX, but the lack of a
> clear, actionable definition is why we included one. Lack of DNS records
> related to email authentication only means lack of email authentication,
> which is in no way required. Given the way most systems are typically
> architected, by the time you are doing email authentication, A or AAAA and
> MX will already be in the local cache, so this is a pretty inexpensive
> thing to check.
>

It comes from SMTP itself. RFC 5321 and its antecedent(s) specify that to identify the next hop for a message needing routing, you look up the MX for the recipient's domain. If that's missing, you try the A/AAAA for that same name. If that's also missing, the message is undeliverable.

Since that test has worked well for SMTP for rather a long time, DMARC adopted it.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
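The MX, then A/AAAA existence test described in the message above, as an added example that is not part of the original thread or of any DMARC implementation. The `Answer` outcomes, the `sample_lookup` stand-in for a resolver, the constructed zone data, and the choice to report "unknown" on a temporary DNS failure instead of "non-existent" are all assumptions made for illustration.

```python
from enum import Enum

class Answer(Enum):
    RECORDS = "records"    # at least one record of the queried type
    NODATA = "nodata"      # name exists, but has no record of that type
    NXDOMAIN = "nxdomain"  # name does not exist at all
    TEMPFAIL = "tempfail"  # SERVFAIL or timeout: no conclusion possible

# Constructed sample data standing in for real DNS answers.
SAMPLE_ZONE = {
    ("example.org", "MX"): Answer.RECORDS,
    ("example.org", "A"): Answer.RECORDS,
    ("web-only.example", "A"): Answer.RECORDS,    # no MX, address record only
    ("txt-only.example", "TXT"): Answer.RECORDS,  # exists, but no MX/A/AAAA
    ("flaky.example", "MX"): Answer.TEMPFAIL,
}
EXISTING_NAMES = {name for name, _ in SAMPLE_ZONE}

def sample_lookup(name, rrtype):
    """Hypothetical resolver stub: returns an Answer for (name, rrtype)."""
    key = (name.lower().rstrip("."), rrtype)
    if key in SAMPLE_ZONE:
        return SAMPLE_ZONE[key]
    return Answer.NODATA if key[0] in EXISTING_NAMES else Answer.NXDOMAIN

def domain_status(name, lookup=sample_lookup):
    """Return 'exists', 'non-existent' or 'unknown' for a mail domain.

    Queries follow the order SMTP uses to find the next hop:
    MX first, then the A/AAAA fallback for the same name.
    """
    saw_tempfail = False
    for rrtype in ("MX", "A", "AAAA"):
        answer = lookup(name, rrtype)
        if answer is Answer.RECORDS:
            return "exists"
        if answer is Answer.TEMPFAIL:
            saw_tempfail = True
    # A failed query proves nothing about the domain, so do not
    # classify it as non-existent on that evidence alone.
    return "unknown" if saw_tempfail else "non-existent"

if __name__ == "__main__":
    for d in ("example.org", "web-only.example", "txt-only.example",
              "nosuch.example", "flaky.example"):
        print(f"{d}: {domain_status(d)}")
```

Keeping "unknown" separate from "non-existent" lets a receiver defer on a resolver outage rather than treat a legitimate domain as one that cannot receive mail.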