On Jul 15, 2007, at 12:08 PM, John C Klensin wrote:
That said, I could see doing something else if there was general
consensus that it would be worthwhile. Partially because of the
circumlocutions and security consideration issues, there is a lot
of text about VRFY and EXPN in 2821bis. I may regret saying this
but, without looking at the spec, I think I could separate that
material out into a separate document called "SMTP VRFY and EXPN
Commands" or words to that effect. This would not change the basic
specification or requirements at all, but would shorten the SMTP
spec itself, keeping text that that did not have any VRFY/EXPN
details.
When operating as a backup or preprocessing MTA as a service for
third-parties, normally verifying valid recipients is handled by
using some form of LDAP or Active Directory. This lowers the number
of bounces that might be otherwise generated. A VRFY enabled on an
MTA that only accepts this command or messages from a backup or
preprocessing MTA can function as an alternative to LDAP when this
information is cached.
Microsoft, for Exchange 2000 or 2003, dropped full support for this
command and always returns 252 2.1.5 Cannot VRFY user, as VRFY is
always advertised. The proper response can not be enabled via a
registry setting, even when the MTA only responds to a trusted
upstream MTA. Specific event driven software must be added before
this function can operate as intended, which of course makes LDAP/
Active Directory a simpler choice. : (
-Doug