At 09:50 AM 1/26/2009 +0000, Paul Smith wrote:
I have a 'common' situation in mind. Whether you like it or not, it is
common enough.
There is a small business who has bought Microsoft SBS. They are running
Microsoft Exchange with the POP3 connector over a dynamic IP ADSL. They
have Exchange set up for direct sending, with fallback to their ISP's
smarthost. They don't want to change to always use their ISP's smarthost
because that has long delays in sending.
What are they supposed to use for the EHLO parameter if it is important
enough to mean the difference between delivery or not?
This is a good case. I think we can include Steve's example as a sub-case,
since he has a static IP address from his ISP.
The solutions in this case include the three suggested for the roaming laptop,
plus another option. Get a static IP address from your ISP. In my office I
have a small network behind a NAT with one external address. My ISP charges
$10 per month for the static IP. Last I checked, the phone company price was
the same.
By the way, I don't use my static IP for sending mail. For reliable delivery,
I relay my outgoing mail through a Giant Provider, not because of
authentication problems, but simply that my domain is too small to have any
clout with receivers. I spent several hours negotiating with just one Giant
Provider to get on their whitelist. The change I am suggesting will make it
easier for small companies to establish their identity, build a good
reputation, and operate their own transmitters. That may be one reason we
haven't seen a solution to the identity fraud problem. The Giant Providers
like the status quo.
I guess this discussion has about run its course, so I'll summarize. We've
narrowed the question to just whether SMTP should drop the requirement that
receivers MUST NOT reject apparently forged helonames. The suggested language
for a change was:
An SMTP server MAY reject a mail session if a domain name argument in
the EHLO command does not actually correspond to the IP address of the
client. Clients that are unable to establish this correspondence MUST
NOT provide an invalid domain name argument.
The claimed benefit was that a currently useless and frequently abused
parameter, the heloname, could then become useful in rejecting forgeries, and
that would motivate legitimate senders to take it seriously. This in turn
could lead to large numbers of receivers making good use of the heloname,
whitelisting legitimate domains, etc. Eventually almost all legitimate mail
would go this route, and only a small fraction would have to go through a spam
filter, reducing losses, and improving the reliability of email communications.
The claimed reason for not making this change was that it would be too hard on
some small fraction of legitimate senders. Three cases were presented.
1) The small office with a dynamically-assigned IP address.
2) The roaming laptop.
3) The digital camera.
The solutions considered too difficult were:
1) Get a static IP address for the transmitter in the small office.
2) Relay through a transmitter with an established identity and reputation.
3) Authorize the entire block of addresses that might be dynamically assigned
to the transmitter.
4) Use an address literal, meaning - please accept this session without a HELO
ID.
Have I missed anything?
-- Dave