Hi

On Tue 24/Nov/2015 06:51:41 +0100 Viktor Dukhovni wrote:
>
> Section 3:
>
> 1. For DNS-ID and CN-ID identifier types the client MUST use one or
> more of the following as "reference identifiers": (a) the right
> hand side of the email address, (b) the hostname it used to open
> the connection (without CNAME canonicalization). The client MAY
> also use (c) a value securely derived from (a) or (b), such as
> using "secure" DNSSEC validated lookup.
>
> The problem here is that "the right hand side of the email address"
> is not clearly defined, which email address? It seems that the
> email address in question here is that of the user (performing mail
> submission or accessing his own mailbox). Also I would replace
> "right hand side" with "domain part" (RFC 5322 email addresses are
> <localpart@domainpart>).

I quickly searched "vanity" in the list archive, to no avail. Section 6
misses a case where mail.example.net also serves user@xxxxxxxxxxx. Some
guidance on how to check/configure vanity domains may be appropriate,
IMHO.

Ale
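
Added example (not part of the original message or of the draft under discussion): a sketch of how a client could derive reference identifiers (a) and (b) from the quoted Section 3 text and compare them with a certificate's DNS-IDs, showing the vanity-domain case raised above. The function names, the vanity.example domain and the wildcard handling are assumptions made for illustration.

```python
# Added illustration; function names and sample values are constructed.

def reference_identifiers(user_address, connect_host):
    """Reference identifiers (a) and (b) from the quoted Section 3 text."""
    # (a) is the domain part of the user's own address (localpart@domainpart).
    domain_part = user_address.rsplit("@", 1)[1]
    # (b) is the hostname exactly as configured: no CNAME canonicalization.
    return {domain_part.lower().rstrip("."), connect_host.lower().rstrip(".")}


def dns_id_matches(presented, reference):
    """Compare one certificate DNS-ID with one reference identifier.

    Assumption: a wildcard is honoured only as the whole leftmost label
    and never directly under a top-level label.
    """
    p = presented.lower().rstrip(".").split(".")
    r = reference.lower().rstrip(".").split(".")
    if len(p) != len(r):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == r[1:]
    return p == r


def matched_identifiers(cert_dns_ids, user_address, connect_host):
    """Return the reference identifiers that the certificate satisfies."""
    refs = reference_identifiers(user_address, connect_host)
    return {ref for ref in refs
            if any(dns_id_matches(d, ref) for d in cert_dns_ids)}


# Constructed case: a user at a vanity domain hosted on mail.example.net,
# whose certificate names only the hosting provider's server.
CERT = ["mail.example.net"]

if __name__ == "__main__":
    # Client configured with the provider's hostname: (b) matches, (a) does not.
    print(matched_identifiers(CERT, "user@vanity.example", "mail.example.net"))
    # Client configured with a name under the vanity domain: nothing matches.
    print(matched_identifiers(CERT, "user@vanity.example", "mail.vanity.example"))
```

An empty result means the certificate satisfies none of the client's reference identifiers, which is the situation a vanity domain produces unless the server's certificate also names that domain or the client is configured with the provider's hostname.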