A "Null MX" No Service Resource Record for Domains that Accept No Mail

A "Null MX" No Service Resource Record for Domains that Accept No Mail Taughannock Networks

PO Box 727 Trumansburg 14886 NY +1 831 480 2300 standards@taugh.com http://jl.ly

Apple Inc.

1 Infinite Loop Cupertino 95014 CA mx0dot@yahoo.com

Applications DNS e-mail Internet mail determines the address of a receiving server through the DNS, first by looking for an MX record and then by looking for an A/AAAA record as a fallback. Unfortunately this means that the A/AAAA record is taken to be mail server address even when that address does not accept mail. The no service MX RR, informally called null MX, formalizes the existing mechanism by which a domain announces that it accepts no mail, without having to provide a mail server, which permits significant operational efficiencies.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in . The terms RFC5321.MailFrom and RFC5322.From are used as defined in .

This document defines the No Service MX, informally called null MX, as a simple mechanism by which a domain can indicate that it does not accept email. SMTP clients have a prescribed sequence for identifying a server that accepts email for a domain. Section 5 of covers this in detail, but in essence the SMTP client first looks up a DNS MX RR and if that is not found it falls back to looking up a DNS A or AAAA RR. Hence this overloads an email service semantic onto a DNS record with a different primary mission. If a domain has no MX records, senders will attempt to deliver mail to the hosts at the domain's A or AAAA record's addresses. If there is no SMTP listener at the A/AAAA address, message delivery will be attempted repeatedly for a long period, typically a week, before the sending MTA gives up. This will delay notification to the sender in the case of misdirected mail, and will consume resources at the sender. This document defines a null MX that will cause all mail delivery attempts to a domain to fail immediately, without requiring domains to create SMTP listeners dedicated to preventing delivery attempts.

To indicate that a domain does not accept email, it advertises a single MX RR (see , section 3.3.9) with an RDATA section consisting of preference number 0, and a zero length label, written in master files as ".", as the exchange domain, to denote that there exists no mail exchanger for a domain. Since "." is not a valid host name, a null MX record can not be confused with an ordinary MX record. The use of "." as a pseudo-host name meaning no service available is modeled on the SRV RR where it has a similar meaning. A domain that advertises a null MX MUST NOT advertise any other MX RR.

The null MX record has a variety of efficiency and usability benefits.

Mail often has an incorrect address due to user error, where the address was mistranscribed or misunderstood, for example, to alice@www.example.com or alice@example.org or alice@examp1e.com rather than alice@example.com. Null MX allows a mail system to report the delivery failure when the user sends the message, rather than hours or days later. Senders of abusive mail often use forged undeliverable return addresses. Null MX allows Delivery Status Notifications (DSNs) and other attempted responses to such mail to be disposed of efficiently. The ability to detect domains that do not accept email offers resource savings to an SMTP client. It will discover on the first sending attempt that an address is not deliverable, avoiding queuing and retries. When a submission or SMTP relay server rejects an envelope recipient due to a domain's null MX record, it SHOULD use a 556 reply code (Requested action not taken: domain does not accept mail) and a 5.1.TBD enhanced status code (Permanent failure: Recipient address has null MX). A receiving SMTP server that chooses to reject email during the SMTP conversation that presents an undeliverable RFC5321.MailFrom or RFC5322.From domain can be more confident that for other messages a subsequent attempt to send a DSN or other response will reach a recipient SMTP server. SMTP servers that reject mail because a RFC5321.MailFrom or RFC5322.From domain has a null MX record SHOULD use a 550 reply code (Requested action not taken: mailbox unavailable) and a 5.7.TBD enhanced status code (Permanent failure: Sender address has null MX).

Null MX is primarily intended for domains that do not send or receive any mail, but have mail sent to them anyway due to mistakes or malice. Many receiving systems reject mail that has an invalid return address. Return addresses are needed to allow the sender to handle message delivery errors. An invalid return address often signals that the message is spam. Hence mail systems SHOULD NOT publish a null MX record for domains that they use in RFC5321.MailFrom or RFC5322.From addresses. If a server nonetheless does so, it risks having its mail rejected. Operators of domains that do not send mail can publish SPF -all policies to make an explicit declaration that the domains send no mail. Null MX is not intended to be a replacement for the null reverse path described in RFC 5321 section 4.5.5 and does not change the meaning or use of a null reverse path.

Within the DNS, a null MX RR is an ordinary MX record and presents no new security issues. If desired, it can be secured in the same manner as any other DNS record using DNSSEC.

IANA is requested to add the following entries to the "Enumerated Status Codes" sub-registry of the Simple Mail Transfer Protocol (SMTP) Enhanced Status Codes Registry.

Code: X.1.TBD Sample Text: Recipient address has null MX Associated basic status code: 556 Description: This status code is returned when the associated address is marked as invalid using a null MX. Reference: [this document] Submitter: [authors of this document] Change controller: IESG Code: X.7.TBD Sample Text: Sender address has null MX Associated basic status code: 550 Description: This status code is returned when the associated sender address has a null MX, and the SMTP receiver is configured to reject mail from such sender (e.g. because it could not return a DSN). Reference: [this document] Submitter: [authors of this document] Change controller: IESG

We thank Dave Crocker for his diligent and lengthy shepherding of this document.

&RFC1035; &RFC2119; &RFC5321; SMTP 521 and 556 Reply Codes Work In Progress &RFC2782; &RFC5598; &RFC7208;

NOTE TO RFC EDITOR: This section may be removed upon publication of this document as an RFC.

Change 521 to 556, change reference.

Fix name of IANA registry. Yea, even yet more editorial cleanup.

Add new enhanced status codes and ref for 521 return code. Even yet more editorial cleanup.

Even more editorial cleanup. Mention SRV you SHOULD NOT put a null MX on domains that send mail

Fix ID nits, add NULL IANA section. More editorial cleanup.

Reorganize.

Editorial nits per Murray.

Should not publish NULL MX with other MX. Never say never. Add 5.1.2 enhanced status code. Minor editorial changes.

Editorial improvements per D. Crocker's review.

Fix typos.