sm(_at_)resistor(_dot_)net writes:
At 09:45 24-01-2009, David MacQuigg wrote:
Nobody I know makes that assumption. A more reasonable assumption is
that the Bad Guys won't be able to use the identity of a Good Guy
who is honest and competent.
If we were to have such an identity, we would need a way to verify it.
IMO, we'd need only a way to check whether it is in a set of such
identities (namely the set of guys we consider good).
But I don't care very much even about that. To my mind, requiring EHLO
from clients is really just formalising a requirement which (_AFAICT_)
most implementers think has been there since 2821 was published, or
even a while before that, perhaps since MIME came into use.
Why it's good or why it's bad is IMO insignificant. 2821 has said "use
ehlo and use an FQDN" for a long time and it doesn't seem to have been
much of a problem.
If it turns out that we get some sort of advantage from requiring FQDNs, fine.
Arnt