サイトマップ | 連絡先 | IAjapan TOP
IAjapan 財団法人インターネット協会
有害情報対策ポータルサイト 迷惑メール対策編
  • 一般利用者の皆様へ
  • メール管理者の皆様へ
  • 関連情報
  • サイト紹介


the end user might never actually see, which can create a vector
for attack against end users by simply forging a Sender field
containing some identifier that DMARC will like.


2. Although it is certainly true that this is what the Sender field
is for, its use in this way is also unreliable, making it a poor
candidate for inclusion in the DMARC evaluation algorithm.

3. Allowing multiple ways to discover policy introduces unacceptable
ambiguity into the DMARC evaluation algorithm in terms of which
policy is to be applied and when.

2. メッセージ認証がSenderフィールドの目的であることには一理あるが、このような目的で使用すると信頼性も低く、DMARC判定アルゴリズムに含める対象とはならない。

3. ポリシーを検索する方法が複数可能になると、どのポリシーをいつ適用されるかという点で、DMARC判定アルゴリズムが曖昧となり受け入れられない。

A.4. Domain Existence Test

A common practice among MTA operators, and indeed one documented in
[ADSP], is a test to determine domain existence prior to any more
expensive processing. This is typically done by querying the DNS for
MX, A, or AAAA resource records for the name being evaluated and
assuming that the domain is nonexistent if it could be determined
that no such records were published for that domain name.

A.4. ドメイン存在判定


The original pre-standardization version of this protocol included a
mandatory check of this nature. It was ultimately removed, as the
method’s error rate was too high without substantial manual tuning
and heuristic work. There are indeed use cases this work needs to
address where such a method would return a negative result about a
domain for which reporting is desired, such as a registered domain
name that never sends legitimate mail and thus has none of these
records present in the DNS.


A.5. Issues with ADSP in Operation

DMARC has been characterized as a “super-ADSP” of sorts.

Contributors to DMARC have compiled a list of issues associated with
ADSP, gained from operational experience, that have influenced the
direction of DMARC:

A.5. 運用時のADSPの問題



1. ADSP has no support for subdomains, i.e., the ADSP record for
example.com does not explicitly or implicitly apply to
subdomain.example.com. If wildcarding is not applied, then
spammers can trivially bypass ADSP by sending from a subdomain
with no ADSP record.

1. ADSPには、サブドメインのサポートがない。すなわち、example.comのADSPレコードは、明示的にも暗黙的にもsubdomain.example.comに適用しない。ワイルドカードが適用されない場合、スパマーは、ADSPレコードのないサブドメインから送信することによって、ADSPを簡単に迂回させることができる。

[Page 54]

1  2  3  5  7  12  15  16  28  39  42  46  49  52  56  60  73

リンク・転載・引用・ロゴ使用について | プライバシーポリシー | IAjapanについて | 連絡先