On Thu, Jul 12, 2018 at 1:44 PM John R Levine <johnl(_at_)taugh(_dot_)com>
wrote:
On Thu, 12 Jul 2018, John C Klensin wrote:
And, of course, if we propose to modify 5321 to allow lighter
weight review, someone is likely to ask for a careful review of
what "with" is actually used for now (as distinct from whatever
was assumed in 2008 or even in 1982 (it might even be me). If
it has fallen into disuse ...
No problem there, it's quite useful. MTAs reliably put ESMTP or ESMTPS or
ESMTPSA in the WITH clause so you can tell whether a hop used TLS or was
authenticated. When explaining to people that yes, they really did send
the spam I complained about, WITH ESMTPSA is a smoking gun to tell them
that they have a compromised user account.
I see a trickle of WITH UTF8SMTPS tellimg me about EAI flagged mail.
Gmail puts WITH HTTP on messages coming from webmail which is wrong but
fairly benign.
Yeah, I think that was copied from somewhere like Y!Mail back in the day.
I remember getting into an argument with someone who complained about it.
In general,
we lie and say SMTP or SMTPS when in reality all Received/X-Received
headers between
internal servers have used our own rpc mechanism.
Which goes to the other thing, if you make this that strict, people will
just drop it or lie. You're not
going to review every internal "gateway" protocol.
And using that value for whether or not the message itself is 6532 or 5322
seems particularly bad, but
I know we disagreed about that one before.
Brandon
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp