
Re: seeking: Ian Jackson



RFC 1123 contains this requirement:

      5.2.2  Canonicalization: RFC-821 Section 3.1

         The domain names that a Sender-SMTP sends in MAIL and RCPT
         commands MUST have been  "canonicalized," i.e., they must be
         fully-qualified principal names or domain literals, not
         nicknames or domain abbreviations.  A canonicalized name either
         identifies a host directly or is an MX name; it cannot be a
         CNAME.

This means that it's fine to use domains pointing to CNAMEs in Internet
mail.  It does not matter if RFC 821 requires canonical names in RCPT or
MAIL arguments because it's the job of the sender to apply
canonicalization to comply with this requirement.

But it's generally wrong to expect that RFCs reflect what's being done
on the Internet.  Current state of affairs is that hardly anybody
implements that rule from RFC 1123 correctly. Sendmail applies it to
headers as well, which is simply wrong.  Exim doesn't implement it at
all.  I don't know about Postfix.  Some MTAs (like Ian's) enforce that
RCPT/MAIL arguments are in fact canonical names, decreasing email
reachability.  There aren't that many MTAs which do that (and I think
it's a questionable configuration choice), and the only reasonable way
around that is not to use non-canonical domains in email addresses.

The MX-to-CNAME and CNAME-to-CNAME issues are unrelated.  CNAME-to-CNAME
works in the sense that clients which can cope with a single CNAME
indirection correctly implement CNAME chasing, provided that chain is
not too long to cause the DNS response not to fit into a 512 byte
packet.  (This has been empirically demonstrated by Akamai and others.)
Some MTAs bounce mail targeted at MX-to-CNAME domains (IIRC, smail
contains a configuration option to do this), so you should generally
avoid this to avoid email reachability issues. And NS-to-CNAME doesn't
work at all, BTW.
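
The following is an added illustration, not part of the original post: a sender-side check that canonicalizes the domain of a MAIL/RCPT argument by CNAME chasing, as RFC 1123 5.2.2 asks of the Sender-SMTP, and flags MX-to-CNAME targets. The record set, the example.* names and the MAX_CHAIN hop cap are constructed assumptions.

```python
# Constructed record set for illustration; none of these names come from the post.
ZONE = {
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("example.org", "MX"): ["mail.example.org"],
    ("alias.example.org", "CNAME"): ["example.org"],
    ("hop.example.org", "CNAME"): ["alias.example.org"],
    ("bad.example.net", "MX"): ["mx-alias.example.net"],
    ("mx-alias.example.net", "CNAME"): ["mail.example.org"],
    ("loop.example.net", "CNAME"): ["loop.example.net"],
}

MAX_CHAIN = 8  # assumed hop cap; the post only says the chain must not be "too long"


def lookup(name, rtype):
    """Return the record values for (name, rtype) from the constructed zone."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def canonicalize(domain):
    """Chase CNAMEs until a non-alias name is reached; return (canonical, hops)."""
    name, hops, seen = domain.lower().rstrip("."), 0, set()
    while True:
        target = lookup(name, "CNAME")
        if not target:
            return name, hops
        if name in seen or hops >= MAX_CHAIN:
            raise ValueError(f"CNAME loop or chain too long at {name}")
        seen.add(name)
        name, hops = target[0].lower().rstrip("."), hops + 1


def audit_mail_domain(domain):
    """Return findings for the domain part of a MAIL/RCPT address."""
    try:
        canonical, hops = canonicalize(domain)
    except ValueError as exc:
        return [f"unresolvable: {exc}"]
    findings = []
    if hops:
        findings.append(f"non-canonical: rewrite to {canonical} ({hops} CNAME hop(s))")
    mx_hosts = lookup(canonical, "MX")
    for mx in mx_hosts:
        if lookup(mx, "CNAME"):  # some receiving MTAs bounce mail for such domains
            findings.append(f"MX-to-CNAME: {mx}")
    if not mx_hosts and not lookup(canonical, "A"):
        findings.append("no MX or A record")
    return findings
```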


