Some domains are listed as live even when DNS times out #91
…ught when checking MX records, make the domain "not live".
There are a couple of other places where we catch the same exceptions ( |
@jsf9k, this makes sense to me.
I guess the real question is, what does "live" vs "not live" mean for I think it's worth looking at the relevant code in I'm very interested to hear what @h-m-f-t thinks about this.
(Recognizing that I missed the period when the PR was open...) I think this is the wrong decision because it obscures the need for DMARC-related action. A domain that exists but doesn't send mail can be trivially spoofed -- and that can be stopped with a strong DMARC policy.
The presence of an MX record means that the domain receives mail. While email communication is typically full-duplex, the absence of email records doesn't mean that legitimate email isn't being sent on behalf of the domain.
To me, "live" in trustymail should mean "does the domain exist?". I think the "live" nomenclature was used because that's what it was in pshtt. Maybe "exists" is a better term?
I can always revert the PR. What does "exists" mean here? That the domain is registered? That's not something we check for explicitly in If this is the definition of exists, then I don't think it makes sense to include |
It's true we're not checking top-level domain whois', but I think that (and welcome further discussion on) a domain not NXDOMAIN'ing or SERVFAILing is a reasonable proxy for existence. It's functionally "live" if the domain resolves in public DNS, and therefore can benefit from DMARC action.
Lineage pull request for: skeleton
@climber-girl noticed that the output of the following command reports nara-at-home.gov as "live" even though there are no MX records for that domain:

This pull request fixes this issue. Domains for which no MX records exist will no longer be listed as "live".
This pull request is related to NCATS JIRA ticket CYHY-706.
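
The two definitions of "live" debated in this thread, side by side, as an added example that is not trustymail's code. The `Outcome` enum, the function names, the choice of MX and A queries, and the `.example` domains with their results are all constructed assumptions.

```python
from enum import Enum


class Outcome(Enum):
    """Result of one DNS query, as a scanner might record it (hypothetical)."""
    ANSWER = "answer"      # NOERROR with records in the answer section
    NODATA = "nodata"      # NOERROR but no records of the requested type
    NXDOMAIN = "nxdomain"  # the name does not exist
    SERVFAIL = "servfail"  # the resolver could not obtain an answer
    TIMEOUT = "timeout"    # no response at all


def live_by_mx(mx: Outcome) -> bool:
    """Definition adopted by the pull request: live only if MX records exist."""
    return mx is Outcome.ANSWER


def live_by_resolution(outcomes: list[Outcome]) -> bool:
    """Definition proposed in review: the name resolves in public DNS.

    NXDOMAIN or SERVFAIL on any query means not live. A timeout proves nothing,
    so at least one query must have come back NOERROR (ANSWER or NODATA).
    """
    if any(o in (Outcome.NXDOMAIN, Outcome.SERVFAIL) for o in outcomes):
        return False
    return any(o in (Outcome.ANSWER, Outcome.NODATA) for o in outcomes)


# Constructed sample results: outcome of an MX and an A query per domain.
SAMPLES = {
    "mail.example": {"MX": Outcome.ANSWER, "A": Outcome.ANSWER},
    "web-only.example": {"MX": Outcome.NODATA, "A": Outcome.ANSWER},
    "gone.example": {"MX": Outcome.NXDOMAIN, "A": Outcome.NXDOMAIN},
    "slow.example": {"MX": Outcome.TIMEOUT, "A": Outcome.TIMEOUT},
}


def compare(samples):
    """Return {domain: (live_by_mx, live_by_resolution)} for each sample."""
    return {
        name: (live_by_mx(r["MX"]), live_by_resolution(list(r.values())))
        for name, r in samples.items()
    }


if __name__ == "__main__":
    for name, (mx_live, resolves) in compare(SAMPLES).items():
        print(f"{name:18} mx-based={mx_live!s:5} resolution-based={resolves}")
```

The definitions disagree only on `web-only.example`: it has no MX records but does resolve, which is the case the review comment says still needs a DMARC policy.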