ietf-smtp

Re: Site policy vs. HELO

2005-03-04 16:57:59



--On Wednesday, 02 March, 2005 13:03 -0500 Vince Sabio
<vince(_at_)vjs(_dot_)org> wrote:


However, it has recently been pointed out that the following
graf in RFC2821 may permit sites to _not_ be required to fall
back to HELO -- and issue a 550 response to HELO instead -- if
local policy dictates:

    [QUOTE RFC2821 SECT 7.7]

    In recent years, use of the relay function through arbitrary sites
    has been used as part of hostile efforts to hide the actual origins
    of mail.  Some sites have decided to limit the use of the relay
    function to known or identifiable sources, and implementations SHOULD
    provide the capability to perform this type of filtering.  When mail
    is rejected for these or other policy reasons, a 550 code SHOULD be
    used in response to EHLO, MAIL, or RCPT as appropriate.

    [END QUOTE]

So, the question: Is this a valid interpretation of Sect. 7.7
-- i.e., may an MTA provide a 550 response to HELO where it
would otherwise have given a 250 response to an EHLO if the
site policy for that MTA forbids HELO?

See Keith Moore's note, with which I agree.  You can, by
invoking the "reject anything for any reason" principle, not via
the text above, which was intended to appeal to the general
principle that HELO is the fallback and servers need to accept
it without identifying that requirement every single time.  But
it would pretty much be silly: while your favorite spammer may
use HELO, rejecting messages containing it will trash some
legitimate messages.  More important, if you are the only one
doing it, it might help stop some spam.  If you and a few
thousand of your friends do it, the spammers will figure out how
to spell "EHLO" and toss out the multiline replies.

Really, applying anti-spam solutions that the spammers can
trivially and obviously work around is not a good investment.
Over time, it arguably contributes to an increase in the total
volume of spam without accomplishing much else.

     john
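
The greeting exchange discussed in this message, as an added example that is not part of the original post or of any MTA's code: a greeting handler with a "no HELO" site policy, and a parser for the multiline EHLO reply. The server name, extension list, reply texts and the function names `greet` and `parse_reply` are constructed for illustration.

```python
# Added illustration: server name, extensions and reply texts are constructed.
SERVER = "mx.example.net"
EXTENSIONS = ["SIZE 10240000", "8BITMIME", "PIPELINING"]

def greet(line, allow_helo=True):
    """Return the reply lines a server sends for one HELO/EHLO command."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb not in ("HELO", "EHLO"):
        raise ValueError("not a greeting command: %r" % line)
    if not arg.strip():
        return ["501 Syntax: %s hostname" % verb]
    if verb == "HELO":
        if not allow_helo:
            # The site-policy rejection asked about in the thread.
            return ["550 HELO not accepted by site policy"]
        return ["250 " + SERVER]
    # EHLO: multiline reply, "250-" on every line except the last ("250 ").
    texts = [SERVER] + EXTENSIONS
    return ["250-" + t for t in texts[:-1]] + ["250 " + texts[-1]]

def parse_reply(lines):
    """Fold a single-line or multiline reply into (code, [text, ...])."""
    code, texts = None, []
    for i, raw in enumerate(lines):
        if len(raw) < 3 or not raw[:3].isdigit():
            raise ValueError("malformed reply line: %r" % raw)
        sep, last = raw[3:4], i == len(lines) - 1
        # Continuation lines use "-", the final line uses a space (or nothing).
        if sep not in ("-", " ", "") or (sep == "-") == last:
            raise ValueError("bad continuation marker: %r" % raw)
        if code is not None and raw[:3] != code:
            raise ValueError("reply code changes mid-reply: %r" % raw)
        code = raw[:3]
        texts.append(raw[4:])
    if code is None:
        raise ValueError("empty reply")
    return int(code), texts

if __name__ == "__main__":
    # Same constructed client name, two verbs, policy forbids HELO.
    for cmd in ("HELO client.example.org", "EHLO client.example.org"):
        code, texts = parse_reply(greet(cmd, allow_helo=False))
        print(cmd, "->", code, texts)
```

With `allow_helo=False` the two commands differ only in the verb, and the reply code is all a sender needs from the EHLO answer, which is why the message expects the policy to stop working once it is widely deployed.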
