Hi Alessandro, On 27/11/2015 19:50, Alessandro Vesely wrote: > Hi > > On Tue 24/Nov/2015 06:51:41 +0100 Viktor Dukhovni wrote: >> >> Section 3: >> >> 1. For DNS-ID and CN-ID identifier types the client MUST use one or >> more of the following as "reference identifiers": (a) the right >> hand side of the email address, (b) the hostname it used to open >> the connection (without CNAME canonicalization). The client MAY >> also use (c) a value securely derived from (a) or (b), such as >> using "secure" DNSSEC validated lookup. >> >> The problem here is that "the right hand side of the email address" >> is not clearly defined, which email address? It seems that the >> email address in question here is that of the user (performing mail >> submission or accessing his own mailbox). Also I would replace >> "right hand side" with "domain part" (RFC 5322 email addresses are >> <localpart@domainpart>). > > I quickly searched "vanity" in the list archive, to no avail. Section 6 misses > a case where mail.example.net also serves user@xxxxxxxxxxx. I added another example in section 6. > Some guidance on > how to check/configure vanity domains may be appropriate, IMHO. If you can suggest some specific text, that would be great? Best Regards, Alexey