Re: Re Anonymous Final Destination and mail submission
2005-06-26 13:03:04
At 11:31 -0400 on 06/26/2005, Keith Moore wrote about Re: Re
Anonymous Final Destination and mail submission:
>> If you are "final destination" (ie: Are an SMTP Server acting as a
>> MTA due to being pointed to by a MX) you have to assume that the
>> MTA that is relaying the message to you for delivery has verified
>> that Mail From so you HAVE TO assume that it is valid/usable.
>
> This is clearly not the case. If the DNS name in the MAIL FROM
> address is invalid you can't send a bounce message to it anyway, so
> you don't "HAVE TO" use it. In a world where a significant
> percentage of mails received have bogus MAIL FROMs and/or bogus RCPT
> TO addresses or are undeliverable for other reasons, checking the
> DNS name of the MAIL FROM _before_ you agree to relay mail to a
> recipient starts to make sense.

I mostly agree with the above. My comment was directed to a statement
(to which I was replying) that a final destination server still needs
to validate the Mail From address just like it would if it were a MSA
(ie: The Server that initially accepted the message for local
delivery or relay) to the extent possible at that late stage of the
process but has to rely on the MSA having done those checks that only
a MSA can do. My statement was meant to only cover the cases where
the server that is going to issue the bounce can first determine if
sending a bounce will succeed (ie: It is to go to a valid domain
while the userid MAY be nonexistent or while existent is not the
correct address to send to [ie: It is spoofed]). Obviously if the
domain does not exist (ie: There is no MX or A record) attempting to
send a bounce is an exercise in futility. Checking for the actual
existence of that address (ie: That there is a mailbox that can
accept the bounce message) requires the issuing of a VRFY Command
which many/most SMTP Servers will not respond to for security/privacy
reasons.

Your statement that you should be "checking the DNS name of the MAIL
FROM _before_ you agree to relay mail to a recipient" applies to the
MSA not when (as I qualified my statement) acting as a "final
destination" MTA Server since at that point you are not relaying but
attempting to do delivery.
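
The domain-level check discussed in this message (is there an MX or A record to send a bounce to at all), as an added example that is not part of the original post or of any mail server's code. The in-memory zone, the `lookup` hook and the function names are constructed for illustration; a real server would plug in its own resolver.

```python
import re

# Constructed DNS data standing in for a live resolver (assumption, offline use).
SAMPLE_ZONE = {
    ("example.org", "MX"): ["10 mx1.example.org."],
    ("mx1.example.org", "A"): ["192.0.2.25"],
    ("hostonly.example.net", "A"): ["198.51.100.7"],
}

def lookup(name, rtype, zone=SAMPLE_ZONE):
    """Hypothetical resolver hook: records for (name, rtype), or an empty list."""
    return zone.get((name.lower().rstrip("."), rtype), [])

def reverse_path_domain(mail_from):
    """Return the domain of a MAIL FROM argument, or None for the null path <>."""
    path = mail_from.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    if path == "":
        return None  # null reverse-path: the message is itself a notification
    match = re.fullmatch(r"[^@\s]+@([A-Za-z0-9.-]+)", path)
    if not match:
        raise ValueError("malformed reverse-path")
    return match.group(1)

def bounce_decision(mail_from, resolve=lookup):
    """Decide whether a bounce to MAIL FROM can be attempted at all.

    Only the domain is checked. A "bounce-possible" result does not show that
    the mailbox exists or that the address is not spoofed.
    """
    try:
        domain = reverse_path_domain(mail_from)
    except ValueError:
        return "no-bounce: malformed reverse-path"
    if domain is None:
        return "no-bounce: null reverse-path"
    if resolve(domain, "MX"):
        return "bounce-possible: MX"
    if resolve(domain, "A"):
        return "bounce-possible: A fallback"  # no MX, so the host itself is tried
    return "no-bounce: domain has no MX or A record"

if __name__ == "__main__":
    for sender in ("<user@example.org>", "<bob@hostonly.example.net>",
                   "<x@nonexistent.invalid>", "<>"):
        print(sender, "->", bounce_decision(sender))
```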