On Fri, Aug 22, 2025 at 08:24:55AM +0100, Simplelists - Andy Beverley via
mailop wrote:
> On 22/08/2025 04:43, Viktor Dukhovni via mailop wrote:
> > Therefore, and especially for email, given that SMTP deliveries are
> > queued and retried, I don't see a compelling reason for long TTLs.
>
> I would say that for email it's not so much the delivery itself, it's the
> plethora of other checks. E.g. receivers checking DKIM/DMARC and having
> stringent requirements for such (Microsoft DNS failures in this regard have
> come up on this list a few times).

Any MTA that turns a temporary DNS failure (SERVFAIL rather than
NXDOMAIN) into a 5XX reject (rather than a 4XX softfail) is badly broken
and MUST NOT be used.

I personally have not run into any mainstream MTAs that are broken in
this way.

> We occasionally see rejects from Gmail when it thinks there is no PTR record
> for the IP address that is sending the email, even though the record is
> there.
>
> The problem with these checks is that there is no retry mechanism - the
> email is just rejected.

If failure to resolve SPF, DKIM, or DMARC related DNS records leads the
receiving MTA to issue a 5XX hard error, rather than a 4XX tempfail, the
receiving MTA (or its content inspection stack) is badly busted. As a
community with domain expertise, we need to make a fuss until any such
MTAs are fixed.

--
Viktor. 🇺🇦 Glory to Ukraine!
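
Added example, not part of the original message and not taken from any MTA: a sketch of the reply-code decision the message above argues for, where an unresolved lookup (SERVFAIL, REFUSED, timeout) can only defer with 4XX and only a definitive DNS answer can lead to 5XX. The names Dns, Check and smtp_reply, the "required" policy flag and the specific 451 4.4.3 / 550 5.7.1 reply texts are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Dns(Enum):
    ANSWER = "NOERROR with records"
    NODATA = "NOERROR, empty answer"
    NXDOMAIN = "NXDOMAIN"
    SERVFAIL = "SERVFAIL"
    REFUSED = "REFUSED"
    TIMEOUT = "no response"


# Outcomes in which the DNS gave a definitive yes or no.
DEFINITIVE = {Dns.ANSWER, Dns.NODATA, Dns.NXDOMAIN}


@dataclass
class Check:
    name: str              # "PTR", "SPF", "DKIM" or "DMARC"
    dns: Dns               # how the lookup behind this check ended
    passed: bool = False   # evaluation result, meaningful only for ANSWER
    required: bool = True  # assumed local policy: a failure here rejects


def smtp_reply(checks):
    """Return (code, text) for one message given its DNS-backed checks."""
    required = [c for c in checks if c.required]
    # A lookup that did not complete says nothing about the sender, so it
    # can only defer; the sending MTA keeps the message queued and retries.
    unknown = [c.name for c in required if c.dns not in DEFINITIVE]
    if unknown:
        return 451, "4.4.3 DNS temporarily unavailable for " + ", ".join(unknown)
    # Simplified policy: a required check fails unless records were
    # returned and the evaluation passed.
    failed = [c.name for c in required if not (c.dns is Dns.ANSWER and c.passed)]
    if failed:
        return 550, "5.7.1 rejected by policy: " + ", ".join(failed) + " failed"
    return 250, "2.0.0 OK"


# Constructed sample: the PTR lookup hit SERVFAIL, SPF resolved and passed.
SAMPLE = [Check("PTR", Dns.SERVFAIL), Check("SPF", Dns.ANSWER, passed=True)]

if __name__ == "__main__":
    print(smtp_reply(SAMPLE))
```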