[Top] [All Lists]

Re: RFC 5321bis / 2821ter

2009-01-30 11:34:11

John C Klensin wrote:
The following are all perfectly valid decisions under 5321 as written:

        * Rejecting the EHLO command and message because the
        argument does not follow the syntax rules.

        * Rejecting the EHLO command and message because the
        apparent FQDN in the argument does not resolve at all in
        the public DNS.

        * Noticing that the EHLO argument does not resolve to
        the address obtained from the connection, writing a
        private-use header into the message that records that
        fact, and then forwarding/delivering the message anyway.

        * Noticing that the EHLO argument does not resolve to
        the address obtained from the connection, delivering the
        message anyway, but delivering it to a folder different
        from the one that would normally be used for incoming
        messages associated with the RCPT command address.

I agree with Paul that the second point is not obvious. The text above is much clearer than the spec!

DNS/whois data has experienced a series of adjustments for the sake of privacy and users' right to anonymity. I accept that it should be possible for a user to send mail anonymously. However, I'd refuse that the operators of an SMTP relay may remain anonymous. Is that a more or less universally agreed stance?

It depends on _exactly_ how you define "SMTP relay". If it includes submission servers, the same privacy arguments that have been applied to senders would apply to it too.

I beg to differ. As a postmaster, I may grant anonymity to my users. For example, I may suppress identification in the Received header. Thus, I can be readily identifiable, e.g. via whois information, while my users can send anonymously by altering their From header. Note that their anonymity is only granted until a judge will want to investigate my logs. (Since 2005, the Italian law forces "operators" to keep logs of mail transactions for some months; in the UK, they've been discussing this recently --it's an EU anti-terrorism determination.)

Not being an anonymous operator involves choosing an ISP that does reverse DNS delegations, and registering a domain directly rather than through a whois-privacy-enhanced registrar. The first step is not always possible, which is why we had that discussion on submission identifiers. The second step is the rule, AFAIK. Although I know that whois queries on each incoming message would not be tolerated, what I meant to ask is whether the recognizability implied by the EHLO command is meant, from an ethical POV, to reject anonymous relays.

The ability to close down or restrict traffic from servers that support anonymous senders is equivalent to the ability to shut the anonymous senders down.

I don't think I know what you mean. Formally, I cannot know if an SMTP server supports anonymous senders.

<Prev in Thread] Current Thread [Next in Thread>