Unresolvable Domain

From Roaring Penguin
Revision as of 13:27, 19 January 2017 by Admin (talk | contribs) (Why do we reject unresolvable domains?)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

On Hosted CanIt, you may see logs similar to this:

5.1.8 <user@example.com>... Domain of sender address xyz@pqrst.example.com does not exist

Hosted CanIt always rejects messages where the domain of the envelope sender (in the example above, pqrst.example.com lacks an A, AAAA and MX record. This policy is absolutely firm.

Why do we reject unresolvable domains?

If there is a delivery problem, the Internet standards require that a failure notification be sent to the envelope sender (in this example, xyz@pqrst.example.com). If that domain does not exist, then obviously no failure notification can be sent.

The Internet standards are clear. RFC 5321 explicitly says:

Only resolvable, fully-qualified domain names (FQDNs) are permitted when domain names are used in SMTP. In other words, names that can be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed in Section 5) are permitted, as are CNAME RRs whose targets can be resolved, in turn, to MX or address RRs.

How can I make this work?

Only the sender of the email can fix the problem. There are two options available:

  1. Make sure the domain of the envelope sender address is resolvable. That is, whatever comes after the @ sign in the sender address must have at least one of an A, AAAA or MX record.
  2. Use the null return path <> as the envelope sender. This is useful for situations in which you don't care to receive failure notifications.

Can Roaring Penguin please make an exception?

No, sorry. It is an error to send mail from unresolvable domains and the onus is on the sender to fix the problem.

I run my own CanIt server. How can I allow unresolvable domains?

Please don't. Allowing unresolvable domains simply encourages bad Internet hygiene, ignorance of standards and sub-par programming practices.

That said, if you want to ignore best current practices and allow such domains, see this Wiki page.