ietf-asrg
[Top] [All Lists]

Re: [Asrg] Some data on the validity of MAIL FROM addresses

2003-05-20 12:14:24

Yakov Shafranovich wrote:
See RFC 2821, section 3.1.:

---snip----
    However, in practice, some servers do not perform recipient
    verification until after the message text is received.  These servers
    SHOULD treat a failure for one or more recipients as a "subsequent
    failure" and return a mail message as discussed in section 6.
---snip----

Even thought it might be recommended to do processing in real-time, in 
practice many systems do not and will not. We must be take that into account. 

I agree with Yakov, and would even go further.  I think smtp-session
reject is falling out of favor and will eventually disappear.

There are strong reasons to prefer accept-then-bounce or even filter to 
reject.

(1) Reject gives feedback about your system to would-be bad
    guys--including dictionary spammers--in a much faster and more 
    reliable way.  Sysadmins rightly want to give out as little 
    information as possible, because that's standard practice anywhere
    security is involved.

(2) Reject is a less flexible mechanism.  Accept-then-bounce or filter 
    allows recipients to work around certain obselete or overzealous
    systems.

(3) Senders have come to understand that messages get incorrectly
    filtered as spam sometimes; they no longer expect to recieve an
    immediate rejection if there is a problem delivering a message.

Like ident, smtp-reject has some usefulness inside private networks, but
one shouldn't expect to see it widely used on the public Internet.

Mike


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>