Re: [ietf-smtp] Reducing minimum recipient limit?
On 12/16/19 3:29 PM, Brandon Long wrote:
On Mon, Dec 16, 2019 at 5:45 AM Keith Moore
<moore(_at_)network-heretics(_dot_)com <mailto:moore(_at_)network-heretics(_dot_)com>> wrote:
On 12/16/19 8:01 AM, Tony Finch wrote:
this an area where practice appears to have diverged from the standard.
I not keen to see the limit reduced, but perhaps advice to clients to
default further below 100 than they may doing already may be warranted.
I can only speak to Postfix, which defaults to sending up to 50 and
I would like a requirement that servers must not reject the entire message
if there are up to 100 RCPTs even if the server returns 452 for some of
them. Senders can then pipeline safely.
Part of me wonders why there's a minimum number of RCPTs at all
if, practically speaking, the client has to be able to deal with a
server-imposed limit no matter where it is.
Seen in this light, the minimum requirement seems like more of a
guide for optimization by clients than a requirement for servers.
Then again, if existing clients are currently assuming 100 or some
substantial fraction thereof, I would not want to break them by
telling servers that they can now impose whatever limit they like.
I am tempted to suggest that there be a MAXRCPTS EHLO response to
let the server advertise its explicit limit. But again, this
would give license to servers to change existing limits.
Other than the rare server that really cannot store 100
recipients, is there some operational reason to permit fewer?
Did someone empirically determine, or arbitrarily decide, that
spambots would be more likely to send 100 recipients than
The limit that Gmail imposes is not based on a specific number of
recipients. Instead, it's based on available resources and the
in-memory footprint of the rules necessary for handling each
recipient. GSuite allows for creating rules that can be made
complicated by admins who do things like try to implement their own
anti-spam system, or write tools to convert from their previous system
to ours in less than ideal conversions, as well as having different
rules per recipient... and then claim there is no way to reduce their
rules, regardless of how un-useful they are (see the other thread
about ip-literals in EHLO except writ large). Couple that with some
less than ideal implementation for the rules system itself (probably
fine for small sets of rules, but very painful for large sets) and you
end up with some worst case scenarios in the 50MB per recipient range.
There's an open bug to remove that particular resource based temp
failures as we've evolved the system to reduce the problem, including
properly 4xx'ing recipients that have different rules (before there
were complicated attempts to merge the results or accept messages and
generate bounce messages later if there were mixed results), so we may
go back to accepting the rfc standard minimums most of the time next year.
That said, multiple addresses per transaction has been a pretty rare
feature. I'm sure our workload is biased because of how rarely we
send multiple transaction mail ourselves (see also enterprise rules
engine on sending with different rules per recipient), but last I
checked the average per transaction was 1.1. As we've had to move
more computation to be at smtp time, some of which is per-recipient,
including too many recipients in a transaction increases the number of
operations that have to complete successfully, some of which may be
cross oceanic (you think these two addresses are in the same domain,
but they actually work for different parts of an international
enterprise which has different data geoloc requirements for the
recipients in different offices), increasing the chances of a failure
which will temp fail the entire transaction. Keeping the number of
operations small and contained leads to more predictable performance
and better fault isolation.
Ie, its cheap to say "send this to all these people", but much harder
to know whether every one of those people can accept it.
Reading this, it appears to me that this is basically a tradeoff between
reporting per-recipient failures during the SMTP session versus
reporting (some of) them in via one or more NDNs. Of course NDNs have
various costs, not only to generate and transmit them, but also in
accepting a lower probability of the errors actually being reported to
some party that can address the issue that caused the delivery failure.
Regarding what the standards prescribe, my sense is that the standards
should give implementors a lot of leeway, but should be constructed as
to /maximize the reliability of successful delivery of (legitimate)
email/. (Granted that "legitimate" is hard to define but I think it
has to do with two broad factors - one is whether the content of the
message is appropriate, and the other is whether the message is
correctly representing its sender and recipients and signal path; and
NOT anything to do with things unrelated to message content, say, how
many recipients were in the envelope or whether an IP address literal
was used in EHLO.)
So does a hard requirement on how many recipients a server should be
able to accept, improve or degrade the reliability of email delivery?
I'm not sure, but I immediately see two consequences of not having a
1. having a minimum recipient requirement appears to shift some of the
error reporting to NDNs, with lower reliability for such reporting.
2. not having a minimum requirement may shift some implementation
burden (and potential for errors) from servers to clients (by requiring
clients to deal more flexibly with SMTP error codes), perhaps resulting
in more errors occurring earlier in the signal path with consequently
less probability of messages being delivered. Alternatively, the
client can behave like qmail and only relay one recipient per envelope.
This makes the client code simpler and less error-prone, but it also
consumes more network resources, client resources, and server resources,
which might also have an adverse effect on reliability if resources are
limited at any point on the signal path between client and server.
I suspect that all of these considerations pale in comparison with the
adverse effect on reliability caused by bogus spam filters (which seems
to be part of the reason for not supporting a minimum number of
recipients per envelope). So I might be inclined to suggest that
anything that encourages more message filtering via dubious criteria
should be discouraged by future revisions of the standards and/or by any
operational recommendations we might someday publish.
ietf-smtp mailing list