Hello Oliver,
Gellner, Oliver via mailop <mailop@mailop.org> (Di 28 Mär 2023 12:18:59 CEST): > > If the query for _domainkey.bsi.de would return a no-data answer, than > > I can assume that they have someing below that name (most probably > > selectors I do not know until I get a mail from them.) > > Ok, I see your point. However as RFC 8020 mentions: > "in most known existing resolvers today, a cached nonexistence for a domain > is not considered "proof" that there can be no child domains underneath." Oh, that I didn't see. So thanks for the pointer. But - they talk about resolvers and cache. I'd assume that asking the responsible server shouldn't return the NXDOMAIN, unless it doesn't follow the RFC? > $ host _domainkey.rubrik.com. > Host _domainkey.rubrik.com. not found: 3(NXDOMAIN) > $ host spk._domainkey.rubrik.com. > spk._domainkey.rubrik.com. is an alias for > spk.domainkey.u6545542.wl043.sendgrid.net. Hm. Even asking one of the NS for this domain returns NXDOMAIN. That would extend the RFC8020 statement to the servers too. > bsi.de is a bad example as it really doesn't have any DKIM selectors, since > this domain is not used for sending emails. Which leads to another question. *How* can I tell, in case I get a (faked) mail from bsi.de, that they do not use the domain for sending? - I can do "cold" recipient verification by an MX lookup for the sending domain. bsi.de has MX records. I'd expect a null MX record if they do not expect messages messages sent to them (which could be bounces). - If they would provide DMARC, even for the unused domain, they would help me filtering messages claiming to come from their domain. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE -
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop