Hi John,

Please forgive me if I have not read the latest draft (would be helpful
to provide a reference link in your postings for quick review).

Anyway, if this is not covered already, I would like to comment that if we
can separate the growing propensity to include "policy" concepts in what
is otherwise a technical protocol mechanism, it will help resolve many
of the questions with consensus.

For example, the discussion about rejection. I would say that by
default, what the world needs to understand (and that includes bad guys)
is that the FIRST criterion is 100% technical compliance and that
non-compliance CAN and WILL be used as the new mantra for rejection.

We are too deep into the way we do these. The best we can do is to help
begin changing the decades-old "lackadaisical" mindset of relaxed
provisions. IOW, at the very least, the new genre should be that we
expect ALL transactions to begin with 100% compliance.

After that, in my view, BCP and policy recommendations become important
but it is 2nd natural to the overall basic expectations for SMTP to SMTP
transactions.

--
HLS

John C Klensin wrote:

Section 4.1.4, paragraph 6 (starting "An SMTP server MAY verify...")
discusses the use and validation of the domain name value in EHLO or
HELO. It has been suggested that this discussion be strengthened by a
discussion of the conditions under which rejection for a bad EHLO
argument might be permitted. That discussion would be explicitly tied
to the material about rejections in Section 7 (Security Considerations).

At least one argument against a change is that it would be hard to write
the needed text without promoting future arguments about situations that
are not covered. Right now, the model is to describe one specific
reason why a message cannot be rejected based on an EHLO parameter, then
essentially invoke the rule that a server can reject a message for
virtually any reason, just because it isn't obligated to accept and
process mail.

Question: Is a change needed here, or is the text ok as is?

john