[Top] [All Lists]

Re: Sender's Declaration of Identity

2005-05-17 09:08:19

I assume from the position of your comment above, that you are objecting to
the expectation that Reply Code 500 could be a normal and harmless
response.  The key question for me is - Will it actually break
something?  I've tried sending the ID command to a variety of receivers
using different server software, and they all respond with either 500 or
502, yes even Hector's super-strict Winserver!

Servers exist that will hang up on the first invalid command they receive.
Examples include the Microsoft Mail SMTP server (where it was a bug since it
also applied to EHLO) as well as a bunch of more modern servers, many of which
are configurable to allow only so many bad commands before hanging up. I don't
think it is wise for people to set such limits to 1, but I've seen several
people do it.

It is therefore essential that the EHLO negotation framework be used to
avoid sending unrecognized commands.

But this isn't the real problem with your proposal - fixing it so it
used EHLO is simple enough. The real problem is that you have yet to
demonstrate how adding an ID command is actually effective in combating
spam. I'm with Valdis on this one.