Hello Oliver,
Gellner, Oliver via mailop <mailop@mailop.org> (Di 28 Mär 2023 12:18:59 CEST):
> > If the query for _domainkey.bsi.de would return a no-data answer, than
> > I can assume that they have someing below that name (most probably
> > selectors I do not know until I get a mail from them.)
>
> Ok, I see your point. However as RFC 8020 mentions:
> "in most known existing resolvers today, a cached nonexistence for a domain
> is not considered "proof" that there can be no child domains underneath."
Oh, that I didn't see. So thanks for the pointer.
But - they talk about resolvers and cache. I'd assume that asking the
responsible server shouldn't return the NXDOMAIN, unless it doesn't
follow the RFC?
> $ host _domainkey.rubrik.com.
> Host _domainkey.rubrik.com. not found: 3(NXDOMAIN)
> $ host spk._domainkey.rubrik.com.
> spk._domainkey.rubrik.com. is an alias for
> spk.domainkey.u6545542.wl043.sendgrid.net.
Hm. Even asking one of the NS for this domain returns NXDOMAIN. That
would extend the RFC8020 statement to the servers too.
> bsi.de is a bad example as it really doesn't have any DKIM selectors, since
> this domain is not used for sending emails.
Which leads to another question.
*How* can I tell, in case I get a (faked) mail from bsi.de, that they do
not use the domain for sending?
- I can do "cold" recipient verification by an MX lookup for the sending
domain. bsi.de has MX records. I'd expect a null MX record if they do
not expect messages messages sent to them (which could be bounces).
- If they would provide DMARC, even for the unused domain, they would help
me filtering messages claiming to come from their domain.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
