On 7/12/23 9:42 PM, Felix Fontein via mailop wrote:
right now there is only a SOA record for `us.` itself and for
`ci.westfir.or.us.`, but for nothing inbetween.
Ugh, you're right, the customer has removed the delegation of
westfir.or.us (I was testing on internal servers that still showed the
results.)
And Marcel Becker describes that what Yahoo is actually doing is
checking for an SOA in two places:
- the "domain name" used in a MAIL FROM, and
- the PSL-based organizational domain that's the parent of the subdomain
(if any).
If neither exists, you get this error.
That explains the issue I saw (thanks!), although it means that the
check isn't only run for MAIL FROM domains that are directly at a PSL
delegation point, as was suggested in the thread in May.
I still think this is a check that's prone to false positives -- it's
assuming things about other peoples DNS setups don't necessarily hold
true. For example, even if a domain name is on the PSL, there's no
reason that the same organization couldn't also host the DNS for the
levels below it in the same zone file, in which case no SOA will exist
for the level below.
But anyway, if other people have this trouble, note that it can happen
whether the MAIL FROM domain name is directly at a PSL breakpoint or
not. The issue is just that there's no SOA found at the MAIL FROM domain
name level, nor at the PSL organizational domain level (if different),
so you need to make one of those exist.
--
Robert L Mathews
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop