SM wrote:
There was a time when email was a collaborative effort where we do our
best to deliver the mail.
IMO, I don't think it really has not changed. Most system do follow
this principle. We have not changed our product model to alter that
fundamental principle and I will go on to further say laws are written
on that principle as well. Our product is been ethically engineered and
molded around that fundamental "user expectation" principle.
Nowadays it's more about whether the message
is more important to the sender or the receiver.
Thats two parts:
- Mail content interpretation which I would prefer all SMTP software
writers still out of and let admin deal with that.
- And SMTP level compliance, which is something we concentrated on while
still adhering to the above fundamental "User Expectation" principle.
By far, but all industry measures, the latter is where the majority of
the exploitation has taken place to provide the threat entry points to
given sysops and users the mail content fits.
Greylisted or not, if a server is temporarily rejecting an email
transaction for typical normal (4yz) reasons as indicated in the
example reply codes, I believer server implementations is basing this
idea that the retry attempts will be made again with the same
information.
No, it's greylisting which is based on that idea and not the SMTP
implementation.
Well, I will argue that the successful growth of greylisting systems is
based on the fundamental SMTP 4yz retry principles. It that wasn't the
case, greylisting would not be a consideration.
I accept the idea that the client may not reissue the same ENV
information, but that is by far *not* the normal practice in retry
logics. Google would be the first that I know of, and I feel pretty
sure that if Google is made aware of this greylist issue with their
email validations logic, they would more than likely change it, then
not, given the growth of greylisting systems.
In any case, if you feel that SMTP systems *should not* expect the same
information when issuing a 4yz, then it SHOULD be mentioned in the
specs. Currently that is not what is implied. Of course, it all
depends on the where the 4yx is used.
Thanks for your comments.
--
HLS