Don't support shortened versions of your domain names in email addresses

July 14, 2015

I'll start with the basic background: the university here is divided up into a lot of departments and divisions and groups and so on. Most of them have subdomains under our top level domain, for instance (and then hosts under their subdomain), and many of them run (or ran) their own email systems, creating email addresses like <user>

We have been providing email to people for what is now quite a long time. Way back at the beginning of that time, so long ago that DNS itself was very shiny and new, we decided to let people send email using shortened versions of all of the university's subdomains. Rather than having to send email to '<user>', you could send it to just '<user>@ece' and the mail system would work out where it should really go. This saved a bunch of people a bunch of typing back in the days when you had to type all of the email addresses out and was much appreciated.

Of course people got used to using these short domain names. Of course people put them everywhere, because they were generally supported; you could put them in .forward files, you could put them in simple mailing lists, and so on. And as a result of this, of course we've never depreciated this feature.

If you guessed that supporting this feature in modern MTAs is a slowly increasing amount of work, you're correct; it absolutely is. If you guessed that it kind of goes wrong sometimes, you're also correct (I discovered a case today). So I have a simple suggestion: if you're tempted to do this because it sounds like a neat convenience feature, don't. Forcing everyone to use fully canonicalized domain names will make your life much simpler and will avoid a certain amount of pain.

(It's probably going to get worse, since DNS keeps growing more and more weird top level domains. Sooner or later we're going to have a serious collision between a new one and one of our own subdomains.)

The hard thing about this is that I don't think we were wrong to support shortened versions of the university domains way back when, and depreciating them at any time since then would undoubtedly have been a lot of work and not have been appreciated at all. But I still think that in the modern world it would be better if we weren't supporting them any more. In a world with MUAs that have address autocompletion and so on, I think they're not necessary and they do cause problems.

(When I say that 'we' did this way back when, I mean the people who were sysadmins here in those days, not me personally.)

Sidebar: one way to have a collision heartburn

Suppose that you have a university subdomain, let's call it aa for illustration; this subdomain has a wildcard A record for its own reasons. There's also a aa TLD (here it would be a country), and one of your users tries to send email to '<user>@misspelled.aa'. With the best of intentions, your MTA is almost certainly going to wind up trying to deliver this email to the aa subdomain wildcard A record instead of rejecting it as 'no such domain exists'.

(If the target of the A record doesn't respond to SMTP connections, your MTA will be retrying it for some time (especially if you've configured high timeouts for in-university addresses).)

Written on 14 July 2015.
« My personal view of OpenBSD
Mdb is so close to being a great tool for introspecting the kernel »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Jul 14 00:15:46 2015
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.