[Top] [All Lists]

Re: RFC2821bis-01 Issue 3: EHLO parameter

2007-03-22 21:25:37

Hi John,

Please forgive me if I have not read the latest draft (would be helpful to provide a reference link in your postings for quick review).

Anyway, if this is not cover already, I would like to comment that if we can separate the growing propensity to include "policy" concepts in what is otherwise a technical protocol mechanism, it will help resolve many of the questions with consensus.

For example, the discussion about rejection. I would say that by default, what the world needs to understand (and that includes bad guys) that the FIRST criteria is 100% technical compliance and that non-compliance CAN and WILL be used as the new mantra for rejection.

We are too deep into the way we do these. The best we can do is to help begin changing the decades old "lackadaisical" mindset of relaxed provisions. IOW, at the very least, the new genre should be that we expect ALL transactions to begin with 100% compliance.

After that, in my view, BCP and policy recommendations becomes important but it is 2nd natural to the overall basic expectations for SMTP to SMTP transactions.


John C Klensin wrote:

Section 4.1.4, paragraph 6 (starting "An SMTP server MAY verify...") discusses the use and validation of the domain name value in EHLO or HELO. It has been suggested that this discussion be strengthened by a discussion of the conditions under which rejection for a bad EHLO argument might be permitted. That discussion would be explicitly tied to the material about rejections in Section 7 (Security Considerations).

At least one argument against a change is that it would be hard to write the needed text without promoting future arguments about situations that are not covered. Right now, the model is to describe one specific reason why a message cannot be rejected based on an EHLO parameter, then essentially invoke the rule that a server can reject a message for virtually any reason, just because it isn't obligated to accept and process mail.

Question: Is a change needed here, or is the text ok as is?