At 06:37 PM 1/23/2009 +0100, Alessandro Vesely wrote:
Paul Smith wrote:
To get around [meaningless address literals], you use SMTP
submission with SASL (OK, that requires EHLO anyway, but the EHLO
name is irrelevant in that case).
IMV, if it is expected by the base standard that the EHLO data is
to be used for anything other than logging/tracing, then these
considerations and more need to be looked at carefully.
That's apparently the split that Message Submission envisions. Either the
client validates a name using a password, or it uses a globally registered,
hence meaningful, name.
How "meaningful" can a name be? It shouldn't be overwhelmingly difficult for
an MTA to put after EHLO a FQDN that can be resolved to its IP address.
Probably the standard cannot be so rigid, but including careful considerations
of what circumstances may or may not allow what names, seems a good idea.
David went so far as to ask for a reputation-ID after EHLO. I'm not sure
whether that would ease or complicate setting up an MTA.
Just to be clear, I'm not suggesting anything that would complicate setting up
an MTA, require new mechanisms, etc. (unless you mean complicate things for
crooks who might have a hard time acquiring a reputable ID, or for naive users
who want to send email directly from their cameras, without any reputable
intermediary service.) I have yet to see any sensible use-case that would be
complicated by a requirement that the HELO/EHLO name end in a registered,
verifiable domain name. If I want to receive email directly from my coffee
maker, I'll add it to my whitelist.
I am aware that many otherwise legitimate transmitters currently use invalid
HELO/EHLO names, and I don't reject their mail. I do, however, send their
messages immediately to the spam filter. If you want reliable delivery, you
need a valid identity, one which we can verify in DNS, and to which we can
assign reputation at any level we please.