It is very difficult to measure how many current installs rely on the
implicit MX, as someone else noted.
On a somewhat different angle of attack:
Even five years ago, it was considered mildly problematic to deploy a
hostname where the A pointed someplace incapable of receiving mail,
since some "products" (you know who you are) were so poorly written
and still in use that they would connect to the A (or "implicit MX"
if you prefer) even in the presence of MX records.
Now that another five years have passed, it would be interesting to
see how many antiques are still sending e-mail AND are worth talking
to. I'm guessing not many.
That suggests that it might well be fine to point A at something that
is not capable of receiving SMTP, as long as you have MX records. An
arrangement that should always have been practical, of course.
Is anyone actually doing this?
... JG
Joe Greco wrote:
Do metrics exist on how many current installs still rely on the implicit
MX?
It's very common for email from web servers to be poorly configured such
that it uses the webserver's hostname as the return path's mail domain.
It is very difficult to measure how many current installs rely on the
implicit MX, as someone else noted.
On a somewhat different angle of attack:
Even five years ago, it was considered mildly problematic to deploy a
hostname where the A pointed someplace incapable of receiving mail,
since some "products" (you know who you are) were so poorly written
and still in use that they would connect to the A (or "implicit MX"
if you prefer) even in the presence of MX records.
Now that another five years have passed, it would be interesting to
see how many antiques are still sending e-mail AND are worth talking
to. I'm guessing not many.
That suggests that it might well be fine to point A at something that
is not capable of receiving SMTP, as long as you have MX records. An
arrangement that should always have been practical, of course.
Is anyone actually doing this?
... JG
I'd think this more than common - the A record for the domain quite
often is set to point to the same IP as the www. A record where that
server isn't running an smtp service.
We've certainly got clients who do this, and haven't ever reported it
causing problems = one example :-
host -t A www.thehut.com
www.thehut.com has address 89.234.46.152
host -t A thehut.com
thehut.com has address 89.234.46.152
host -t MX thehut.com
thehut.com mail is handled by 3 mail.thehutgroup.com.
host -t A mail.thehutgroup.com.
mail.thehutgroup.com has address 217.158.230.4
Regards
Pete
I can't quite answer your question yet, but here are some related numbers.
I analysed the mail domains used in envelope return paths of 10 days of
traffic from the start of this month (before the end of term - I work for
Cambridge University). This totalled 2473192 messages from 98825 domains
after spam filtering. The data is rather skewed: 43295 domains were used
in only one message each.
The breakdown of these domains from the DNS point of view is:
total: 98825
broken: 897 - neither A nor MX records
no A: 18687
no MX: 6282
mismatch: 56244 - A and MX point to different hosts
partial: 380 - A is not a subset of MX
match: 16335 - A is a subset of MX
Note that there is some difference between the validation done by the DNS
software I used for this analysis and that done by our MTA, and over a
week has passed since we accepted these messages, which is why the
"broken" count is non-zero.
I did this using about 150 lines of perl and `adnshost -f -a`; I don't
have a handy concurrent SMTP tool so the full analysis will take more
work...
Tony.