ietf-smtp

Re: Submission identifiers

2009-01-27 05:07:58
John C Klensin wrote:
The claimed reason for not making this change was that it
would be too hard on some small fraction of legitimate
senders.  Three cases were presented. 1) The small office with
a dynamically-assigned IP address. 2) The roaming laptop.
3) The digital camera.

The solutions considered too difficult were:
1) Get a static IP address for the transmitter in the small
office. 2) Relay through a transmitter with an established
identity and reputation. 3) Authorize the entire block of
addresses that might be dynamically assigned to the
transmitter. 4) Use an address literal, meaning - please
accept this session without a HELO ID.

Have I missed anything?
    

I don't think so, as long as it is clearly understood that this
does two things:

(i) Defines a domain name argument that does not match the
public Internet address of the sender as "invalid" --  thereby
de facto preventing most SMTP clients that are using private
address space behind a NAT from sending mail -- even if that
domain name conveys accurate information about the sending
system.

(ii) Forces people toward use of IP literals, even IP literals
in private address space (i.e., that convey little information),
when domain names might make the sender more identifiable and
more easily contacted.

  
I agree with John here.

Either everyone will use useless IP literals, or this change will *force*
many small businesses to use either their ISP's poor quality smarthosts,
or pay extra for a decent quality smarthost (and probably push them
further towards giving up email).

Requiring people to have a static IP address is doomed to failure, as
(a) IPv4 address space is running out, so ISPs will be pushing towards
dynamic addresses, and (b) many ISPs already don't allow static IP
addresses.

I don't see it giving any benefit, since 'bad senders' already know
SMTP/domains well enough to be able to make their mail look legitimate
enough to get through a crude filter like this. (e.g. - A spammer could
trivially create their own domain 'spammer.com' and "create" a virtual
zone of 4 billion entries (one for each IP address) and the spambots
will use the relevant entry from that domain as their EHLO data. Instant
'pass' of any EHLO checking based on correspondence of EHLO to IP address.)

IMV, arguments against SPF or DKIM pale into insignificance before the
problems of this proposed change.

Something like SPF can give a big benefit, while only requiring people
to use an authorised submission server. This requires far more people to
use a submission server, and only gives a very dubious benefit.

-- 
Paul Smith

VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows
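
The check debated in this thread, sketched as an added example (not code from any poster or from an SMTP implementation): it shows which of the sessions discussed above a receiver would mark invalid, accept without an ID, or pass. The function name, verdict labels, host names and addresses are all constructed, and a dictionary stands in for live DNS lookups.

```python
import ipaddress

# RFC 1918 private ranges: literals in these say little about the sender.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed forward-DNS data (assumption: replaces real A/AAAA lookups).
DNS = {
    "mail.smalloffice.example": ["192.0.2.10"],          # static, published
    "laptop.corp.example": ["10.1.2.3"],                 # accurate, but behind NAT
    "h-198-51-100-77.bulk.example": ["198.51.100.77"],   # one name per address
}

def check_ehlo(arg, peer_ip, dns=DNS):
    """Verdict for one session under the proposed EHLO-to-address rule."""
    peer = ipaddress.ip_address(peer_ip)
    if arg.startswith("[") and arg.endswith("]"):
        # Address literal: the session is accepted without a HELO ID.
        text = arg[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return "malformed"
        if any(addr in net for net in RFC1918):
            return "no-id-private"
        return "no-id"
    # Domain name: valid only if it resolves to the address the receiver sees.
    name = arg.lower().rstrip(".")
    published = {ipaddress.ip_address(a) for a in dns.get(name, [])}
    return "match" if peer in published else "invalid"

# Constructed sessions: (EHLO argument, address seen by the receiver).
SESSIONS = [
    ("mail.smalloffice.example", "192.0.2.10"),        # static address
    ("laptop.corp.example", "203.0.113.5"),            # NAT: true name, fails
    ("[10.1.2.3]", "203.0.113.5"),                     # private literal
    ("h-198-51-100-77.bulk.example", "198.51.100.77"), # sender-run zone, passes
]

def evaluate(sessions=SESSIONS):
    return [(arg, ip, check_ehlo(arg, ip)) for arg, ip in sessions]

if __name__ == "__main__":
    for arg, ip, verdict in evaluate():
        print(f"{arg:32} from {ip:15} -> {verdict}")
```

The NAT client with an accurate name is the only domain-name session rejected, while the name taken from a sender-controlled per-address zone matches.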
