ietf-822
[Top] [All Lists]

Re: SEND, SAML, SOML, VRFY: Used or Not?

1995-10-12 08:51:09
I have a question that is more 821 than 822:

Then it really belongs on the ietf-smtp list...

How commonly used and supported are the SMTP commands SEND, SAML, SOML,
and VRFY?

SEND, SAML, and SOML are very uncommon. I know of exactly two servers that
definitely support these commands: PMDF and TGV Multinet. Finding a client that
supports them may be even harder... There's even some question about whether or
not a message send with these things has a header -- both PMDF and TGV Multinet
assume a header is present, but I've heard rumors that servers exist that think
otherwise -- TOPS-20 maybe?

VRFY is another matter. Support for it is required by RFC821. Most servers do
support it as a result, albeit not very well, and there are some SMTP email
clients out there that use it to verify the validity of a mailbox prior to
sending mail to it. I personally think this generally a dumb thing to do and
would never write an SMTP email client that uses it by default, but its legal
to do it and servers do need to allow for it.

Note that I said "by default". There is at least one SMTP server out there that
implements full checking of mailbox validity in VRFY but not in RCPT TO. This
presents an overhead problem in that messages end up getting transferred to
this system in their entirety only to be bounced back later. For this reason it
may be advisable in some situations (e.g. very expensive connections) to have a
mode where VRFY can be added to the SMTP dialogue the email client generates.
PMDF's SMTP client provides such a mode, but its usefulness has proved to be
limited to fairly esoteric scenarios like SMTP over X.25 and X.29 and dialup
SMTP. (Yes, such things do exist -- there's even an RFC explaining how to do
it!)

VRFY is also used by a couple of the directory generation programs out there to
check to see whether or not a given mailbox is valid. (I believe Netfind is one
of the ones that uses it.) These things typically work by scanning newsgroups
and mailing lists and whatnot for potential addresses and then use a variety of
techniques to verify the validity of the address. VRFY is one of the techniques
that is used.

This in turn has led to a very unfortunate state of affairs. Some sites get
very very angry about being scanned this way and demand that it be possible to
disable the SMTP VRFY command so that it returns no useful information. (For
some sorts of government sites this turns out to be a legal requirement.) On
the other hand, some sites very much want this to work and thus end up
depending on the VRFY command being there. Its impossible to be all things to
all people, so servers really need to implement an option to control VRFY
command behavior. PMDF's SMTP server implements this capability, for example,
and we generally switch on the crippled form of VRFY on firewalls.

Is there much benefit to ensuring that an SMTP server supports
them?

I don't see any benefit to SEND, SAML, and SOML. Even though our PMDF server
supports them I see no benefit to ensuring that they work. VRFY should be
supported, however, and servers probably should offer some options to control
its behavior. I would recommend ensuring that it does work and if your
application includes firewall operation I'd recommend ensuring that its
controllable as well.

                                Ned
<Prev in Thread] Current Thread [Next in Thread>