
Re: [ietf-smtp] IETF Policy on dogfood consumption or avoidance - SMTP version

2019-12-17 17:35:30
[ Replying to just ietf-smtp, I hope that's OK. ]

On Dec 17, 2019, at 6:04 PM, Hector Santos 
<hsantos=40isdg(_dot_)net(_at_)dmarc(_dot_)ietf(_dot_)org> wrote:

> For me, being consistent allows for raising the bar.  In regards to the new
> ietf mail policy, if it was consistent with this new 550 policy to reject
> legitimate ip literals for a yet to be explained non-reason, it would be more
> consistent and acceptable,  if it also consistently enforced a correct FQDN
> using a new 550 policy justification to reject IP::DOMAIN mismatches.  After
> all a "real" MTA is expected to use rDNS to obtain the correct FQDN for the
> sender machine.  No?  That is not always optimal. Small lightweight SMTP
> clients exist.  PTR slows them down.  What if there is no PTR record?   After
> all, again, more inconsistency, are we promoting PTR records now? For a
> certain period there, we were discouraging them, in fact, I think SPF tried
> to deprecate it. I am not going to bother to confirm but I recall the debates.

Your insistence on "consistency" is misplaced.  The literals are
rejected because they are almost never used by legitimate MTAs,
and sufficiently often used by abusive clients.

Nobody is attempting to "validate" the HELO name.  The policy goal
is to block as much junk as possible at least cost, without incurring
too many FPs.  Blocking address-literals *from strangers* (i.e. not
submission or fax-to-email machines on the local network, etc.) appears
to work well enough.

Validation of HELO FQDNs does not work well.  The policy is not trying
to enforce any sort of RFC correctness, it is just a (presumably)
modestly effective anti-spam measure.  That's all.

> Consistency with everyone "expected" to play by the same rules is paramount
> for maximum interoperability and with minimum support. IMO, this odd
> "operational decision" could drastically change things because now others
> will follow.

Everybody is expected to use an FQDN.

> I am still trying to understand why the legit IP-literal is being rejected in
> the first place.  I don't see any legit reason for it.  Do you?

Because (once again) their use by legitimate MTAs is minuscule,
but their use by sources of abuse is not.
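
An added illustration of the policy described in this message (not code from the author or from the IETF mail servers): a HELO/EHLO check that returns 550 for address-literals from strangers, exempts clients on the local network, and never validates the name itself. The network ranges, function names and reply text are assumptions chosen for the example.

```python
import ipaddress

# Assumption: networks whose clients are not "strangers" (submission hosts,
# fax-to-email machines on the local network). Documentation ranges, constructed.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:1::/48")]


def is_local(client_ip):
    """True if the connecting address falls inside a local network."""
    addr = ipaddress.ip_address(client_ip)
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them
    # so the IPv4 entries in LOCAL_NETS still match.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in LOCAL_NETS if net.version == addr.version)


def is_address_literal(helo_arg):
    """True for RFC 5321 address-literals: [203.0.113.7], [IPv6:2001:db8::1]."""
    arg = helo_arg.strip()
    return len(arg) > 2 and arg.startswith("[") and arg.endswith("]")


def helo_policy(client_ip, helo_arg):
    """Return (reply_code, text) for a HELO/EHLO argument.

    Only the address-literal form is examined; the name is never checked
    against DNS, matching the policy described in the message.
    """
    if is_address_literal(helo_arg) and not is_local(client_ip):
        return 550, "address-literal HELO not accepted from this client"
    return 250, "ok"


# Constructed sample connections: (client address, HELO argument)
SAMPLES = [
    ("198.51.100.23", "[198.51.100.23]"),             # stranger, literal
    ("198.51.100.23", "mail.example.org"),            # stranger, FQDN
    ("192.0.2.40", "[192.0.2.40]"),                   # local fax gateway
    ("::ffff:192.0.2.40", "[192.0.2.40]"),            # same host, dual-stack socket
    ("2001:db8:ffff::9", "[IPv6:2001:db8:ffff::9]"),  # stranger, IPv6 literal
]

if __name__ == "__main__":
    for ip, helo in SAMPLES:
        print(ip, helo, helo_policy(ip, helo))
```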

