[Top] [All Lists]

Re: RFC 5321bis / 2821ter

2009-01-29 10:46:18

Paul Smith wrote:

In our experience of supporting small businesses' mail servers it is actually very rare to check the EHLO parameter at all. [...] We have yet to come across a recipient where if they change it so that
it sends 'EHLO [<local ip address>]' or 'EHLO' it won't
work, even though the first is useless and the second is strictly

I'd say the second is valid, since the spec says it must not be
rejected. From an ethical POV, having a DNS record to confirm that the
domain endorses the address being used should be preferred. (From an
operations POV, users cannot read their mail from outside the office
without that.)

AIUI, this is what is expected from RFC 5321, and it means that spammers haven't put any effort into what EHLO parameter to send, because it doesn't matter what you use if the recipient is standards compliant.

If this changed, (as was suggested) so that the EHLO checking was almost universal, then it would break lots of legitimate senders as well as spammers, but the spammers would be able to fix it a lot easier than legitimate senders.

OK, DNS checks can be worked around. However, I'd reckon that it is
still easier for legitimate senders than for spammers to do that.

DNS/whois data has experienced a series of adjustments for the sake of
privacy and users' right to anonymity. I accept that it should be
possible for a user to send mail anonymously. However, I'd refuse that
the operators of an SMTP relay may remain anonymous. Is that a more or
less universally agreed stance?

<Prev in Thread] Current Thread [Next in Thread>