[Top] [All Lists]

Re: draft-klensin-rfc2821bis-04: VRFY and EXPN syntax

2007-07-16 07:33:01

On Jul 15, 2007, at 12:08 PM, John C Klensin wrote:

That said, I could see doing something else if there was general consensus that it would be worthwhile. Partially because of the circumlocutions and security consideration issues, there is a lot of text about VRFY and EXPN in 2821bis. I may regret saying this but, without looking at the spec, I think I could separate that material out into a separate document called "SMTP VRFY and EXPN Commands" or words to that effect. This would not change the basic specification or requirements at all, but would shorten the SMTP spec itself, keeping text that that did not have any VRFY/EXPN details.

When operating as a backup or preprocessing MTA as a service for third-parties, normally verifying valid recipients is handled by using some form of LDAP or Active Directory. This lowers the number of bounces that might be otherwise generated. A VRFY enabled on an MTA that only accepts this command or messages from a backup or preprocessing MTA can function as an alternative to LDAP when this information is cached.

Microsoft, for Exchange 2000 or 2003, dropped full support for this command and always returns 252 2.1.5 Cannot VRFY user, as VRFY is always advertised. The proper response can not be enabled via a registry setting, even when the MTA only responds to a trusted upstream MTA. Specific event driven software must be added before this function can operate as intended, which of course makes LDAP/ Active Directory a simpler choice. : (