[Top] [All Lists]

Re: Re Anonymous Final Destination and mail submission

2005-06-26 13:03:04

At 11:31 -0400 on 06/26/2005, Keith Moore wrote about Re: Re Anonymous Final Destination and mail submission:

If you are "final destination" (ie: Are an SMTP Server acting as a MTA due to being pointed to by a MX) you have to assume that the MTA that is relaying the message to you for delivery has verified that Mail From so you HAVE TO assume that it is valid/usable.

This is clearly not the case. If the DNS name in the MAIL FROM address is invalid you can't send a bounce message to it anyway, so you don't "HAVE TO" use it. In a world where a significant percentage of mails received have bogus MAIL FROMs and/or bogus RCPT TO addresses or are undeliverable for other reasons, checking the DNS name of the MAIL FROM _before_ you agree to relay mail to a recipient starts to make sense.

I mostly agree with the above. My comment was directed to a statement (to which I was replying) that a final destination server still needs to validate the Mail From address just like it would if it were a MSA (ie: The Server that initially accepted the message for local delivery or relay) to the extent possible at that late stage of the process but has to rely on the MSA having done those checks that only a MSA can do. My statement was meant to only cover the cases where the server that is going to issue the bounce can first determine if sending a bounce will succeed (ie: It is to go to a valid domain while the userid MAY be nonexistent or while existent is not the correct address to send to [ie: It is spoofed]). Obviously if the domain does not exist (ie: There is no MX or A record) attempting to send a bounce is an exercise in futility. Checking for the actual existence of that address (ie: That there is a mailbox that can accept the bounce message) requires the issuing of a VEFY Command which many/most SMTP Servers will not respond to for security/privacy reasons.

Your statement that you should be "checking the DNS name of the MAIL FROM _before_ you agree to relay mail to a recipient" applies to the MSA not when (as I qualified my statement) acting as a "final destination" MTA Server since at that point you are not relaying but attempting to do delivery.

<Prev in Thread] Current Thread [Next in Thread>