[dns-operations] email address in SOA

Phil Pennock dnsop+phil at spodhuis.org
Thu Dec 6 04:29:05 UTC 2012


On 2012-12-05 at 20:32 -0500, Andrew Latham wrote:
> It is informational only and often unchecked or audited by
> organizations.  The purpose is to discuss DNS related issues with the
> DNS admin and dots in email user names are considered a wild card and
> would simply be compacted so foo.bar at google.com and foobar at google.com
> are the same.  As Paul mentions you should escape the period or other
> char if needed.

Interpretation of the left-hand-side of an email address is
domain-specific, and is part of the federated model of email: nobody
other than the folks running example.org gets to say how the "thisbit" in
<thisbit at example.org> gets interpreted.

As such, assumptions for interpretation of email addresses encoded into
DNS records are bad.  Paul Vixie is (as is usual) correct when he notes
that the correct way to advertise foo.bar at example.org is
foo\.bar.example.org, and I'll go further and say that the _sensible_
thing to do is to not pick a left-hand-side with a dot in it, since you
get to choose which address to advertise.

What protocols say you can do, and which sets of functionality are
portably correct, can differ.  Avoid the issue.

For email, you don't even get to assume that the left-hand-side (LHS) is
case-insensitive.  If you lower-case all email addresses you receive,
then that's a bug.

Now, every email operator will offer some set of canonicalisations for
the LHS.  It might be the empty set.  The most _common_ canonicalisation
is to treat the LHS as case-insensitive so that <FOO at example.org> and
<foo at example.org> are the same thing; nobody but the domain's mail
operator gets to make that call, and anyone else should preserve the LHS
as given to them.

A second fairly common (but nowhere near as widespread)
canonicalisation is sub-addressing, also supported by Gmail (and so
google.com), so that <foo+more at example.org> is internally
routed, within example.org, to <foo at example.org>.  I mention it as
another example, and because even though it's not universal, I'm
confident it's currently the second-most common canonicalisation.

Gmail offers what was, at the time they introduced it, an _unusual_
canonicalisation, which may have become more widespread now.  It makes a
lot of sense.  Gmail says that, for mail to one of their domains, dots
are not significant and canonicalise away.  They're not wildcards,
they're just noise that's skipped.  So phil.pennock and philpennock are
the same LHS.  The dots from account sign-up are just remembered for
presenting as the normal form of the address.

So in the particular case of @google.com, it is true that once the
message is received by the google mail-servers, <foo.bar at google.com> and
<foobar at google.com> would be treated the same; that doesn't mean that
people composing email to addresses found in DNS can assume that for any
domain: it's a choice made by the _recipient_ system, and one which
happens to have been published so folks can choose to rely on it, _for
those domains_.

For addresses going into DNS records, avoid addresses which contain a
dot in the LHS, escape it with a backslash if you can't avoid it, and
when writing tools to get email addresses from DNS, do bother actually
handling the escaping instead of "split on first dot".

-Phil
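
An added example, not part of the message above or of any project's code: one way a tool can turn an SOA RNAME in zone-file presentation form into a mailbox by handling backslash escapes, with the "split on first dot" shortcut alongside for contrast. The function names are hypothetical, and the sample names are constructed from the foo\.bar.example.org case discussed in the thread.

```python
ZONE_SPECIALS = set('.\\"();@$')  # assumption: characters escaped on output

def rname_to_email(rname: str) -> str:
    """Convert an RNAME such as foo\\.bar.example.org. to foo.bar@example.org."""
    local, i, n = [], 0, len(rname)
    while i < n:
        ch = rname[i]
        if ch == "\\":
            if i + 1 >= n:
                raise ValueError("dangling backslash in RNAME")
            ddd = rname[i + 1:i + 4]
            if len(ddd) == 3 and ddd.isascii() and ddd.isdigit():
                code = int(ddd)          # \DDD is a decimal byte value
                if code > 255:
                    raise ValueError("\\DDD escape out of range")
                local.append(chr(code))
                i += 4
            else:
                local.append(rname[i + 1])  # \X keeps X literally
                i += 2
        elif ch == ".":
            break                        # first unescaped dot ends the mailbox label
        else:
            local.append(ch)             # case is preserved, never folded
            i += 1
    else:
        raise ValueError("no unescaped dot: RNAME has no domain part")
    domain = rname[i + 1:].rstrip(".")
    if not local or not domain:
        raise ValueError("empty local part or domain")
    return "".join(local) + "@" + domain

def email_to_rname(address: str) -> str:
    """Encode a mailbox as an RNAME, escaping dots in the left-hand side."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mailbox: " + address)
    escaped = "".join("\\" + c if c in ZONE_SPECIALS else c for c in local)
    return escaped + "." + domain.rstrip(".") + "."

def naive_split(rname: str) -> str:
    """The shortcut: split on the first dot, escaped or not."""
    local, _, domain = rname.partition(".")
    return local + "@" + domain.rstrip(".")

if __name__ == "__main__":
    sample = r"foo\.bar.example.org."    # constructed sample
    print(rname_to_email(sample))        # escape-aware result
    print(naive_split(sample))           # lands in the wrong domain
```

On the escaped sample the shortcut yields a mailbox under bar.example.org, a different domain from the one the zone owner advertised.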


