ietf-mxcomp

RE: Can you ever reject mail based on RFC2821 MAIL FROM?

2004-04-24 05:53:05


-----Original Message-----
From: Greg Connor [mailto:gconnor(_at_)nekodojo(_dot_)org] 
In that case, here is an easy one:  altavista.com.  It sends NO mail, so 
therefore it is safe to block ALL mail claiming that MAIL FROM without 
examining any headers.

This may be true for altavista.com, but it is not true of domains in
general. Email service providers that handle bounces for their clients, as
well as numerous vertical applications, frequently have domains that are
used only for that purpose. The 2822 from domain is the sender, the 2821
domain is the bounce handler (with names along the lines of
"in.constantcontact.com"). In other words, there are domains that are valid
in the 2821 from but never valid in the 2822 from.

The 2821 address is the bounce and error handler. Checking the 2821 validity
tells you ONLY that there is a legitimate bounce and error handler for this
message. It tells you nothing else. 

I can understand an argument for rejecting messages that don't have valid
return addresses, but I can't see that it amounts to much more than a
distraction on the route to creating accountability, which requires
validating servers and senders. A valid server and sender will provide (by
any reasonable definition of valid) a valid 2821 address.

Margaret.
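
Added example, not part of the original message: a short Python sketch that separates the RFC 2821 envelope sender from the RFC 2822 From header in one transaction and applies a "this domain sends no mail" check to the envelope only. The transcript, the addresses, `client.example`, `NO_MAIL_DOMAINS` and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains whose owners have declared that they send no mail.
NO_MAIL_DOMAINS = {"altavista.com"}

# Constructed SMTP transaction (addresses and hostnames are made up).
SESSION = """\
EHLO mta.example
MAIL FROM:<bounce-1234@in.constantcontact.com>
RCPT TO:<user@recipient.example>
DATA
From: Newsletter <news@client.example>
To: user@recipient.example
Subject: April update

Hello.
.
"""

def domain_of(addr):
    """Lower-cased domain of an address, or '' for the null sender <>."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def split_identities(session):
    """Return (RFC 2821 envelope sender, RFC 2822 From address)."""
    m = re.search(r"^MAIL FROM:\s*<([^>]*)>", session, re.I | re.M)
    envelope = m.group(1) if m else ""
    # Everything after the DATA command is the message: headers, then body.
    _, _, data = session.partition("\nDATA\n")
    header_from = parseaddr(message_from_string(data).get("From", ""))[1]
    return envelope, header_from

def evaluate(session):
    """Report both identities and the envelope-only rejection decision."""
    envelope, header_from = split_identities(session)
    env_dom, hdr_dom = domain_of(envelope), domain_of(header_from)
    return {
        "envelope_domain": env_dom,  # where bounces and errors are sent
        "header_domain": hdr_dom,    # the sender shown to the recipient
        "reject_on_mail_from": env_dom in NO_MAIL_DOMAINS,
        "domains_differ": env_dom != hdr_dom,
    }

if __name__ == "__main__":
    print(evaluate(SESSION))
```

The bounce-handler domain passes the envelope check while never appearing in the From header, so a decision made on MAIL FROM says nothing about the header sender.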