IETF RFC 7505 describes MX records for a domain/host that explicitly should not receive email. This is accomplished by pointing the MX at the Domain Name System root. For example,
nomail.example.com. 86400 IN MX 0 "."
Why is this needed? In my understanding, explicit refutation is available by using domains under the TLD invalid. For example,
nomail.example.com. 86400 IN MX 0 "spam.invalid."
nomail.example.com. 86400 IN MX 10 "null.invalid."
I see that RFC 2782, DNS SRV, likewise specifies that "A Target of '.' means that the service is decidedly not available at this domain." So I suppose my question is:
Why should we use the DNS root to mean "not available" when invalid already serves this function?
Answer
Because that is not what you are supposed to be using .invalid for. Like .example, it is meant for local testing and documentation.
Additionally, using .invalid still causes additional things to happen - additional DNS lookups and queuing on the mail server for retries, for one, off the top of my head.
Using the "." format is supposed to cause an immediate hard fail, causing the MTA to immediately stop attempting delivery. At least that's the way the intro to the RFC reads.
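The difference the answer describes, as an added example that is not part of the original post or of RFC 7505: a Python check that classifies MX RRsets the way a sending MTA would see them. The zone lines for parked.example.com. and broken.example.com., the function names and the result labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed zone lines in the page's notation (targets quoted as on the page).
SAMPLE_ZONE = '''
nomail.example.com. 86400 IN MX 0 "."
parked.example.com. 86400 IN MX 0 "spam.invalid."
parked.example.com. 86400 IN MX 10 "null.invalid."
broken.example.com. 86400 IN MX 0 "."
broken.example.com. 86400 IN MX 10 "mail.example.com."
'''

def parse_mx(zone_text):
    """Return {owner: [(preference, exchange), ...]} from 'owner ttl IN MX pref target' lines."""
    rrsets = defaultdict(list)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) != 6 or fields[2].upper() != "IN" or fields[3].upper() != "MX":
            continue
        target = fields[5].strip('"').lower()
        rrsets[fields[0].lower()].append((int(fields[4]), target))
    return dict(rrsets)

def classify(rrset):
    """Classify one MX RRset from the sender's point of view."""
    targets = [target for _, target in rrset]
    if rrset == [(0, ".")]:
        # Null MX: a single record, preference 0, root as the exchange.
        # Nothing to resolve, so delivery can be refused at once.
        return {"kind": "null-mx", "exchange_lookups": 0,
                "action": "fail immediately"}
    if "." in targets:
        # A null MX must be the only MX record; mixing it with others is a zone error.
        return {"kind": "malformed", "exchange_lookups": len(set(targets) - {"."}),
                "action": "flag zone error"}
    # Ordinary MX set, including .invalid targets: every exchange name still has
    # to be looked up, and per the answer above the message may sit in the queue.
    return {"kind": "normal", "exchange_lookups": len(set(targets)),
            "action": "resolve exchanges, queue and retry on failure"}

def audit(zone_text):
    """Map each owner name to its classification."""
    return {owner: classify(rrset) for owner, rrset in parse_mx(zone_text).items()}

if __name__ == "__main__":
    for owner, result in audit(SAMPLE_ZONE).items():
        print(owner, result)
```
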