On 12/19/19 5:54 AM, Peter J. Holzer wrote:
> On 2019-12-16 18:15:51 -0500, Keith Moore wrote:
>> On 12/16/19 5:53 PM, Michael Peddemors wrote:
>>> Frankly, it simply points to professionalism, is the operator of the
>>> sending platform informed enough to use a proper FQDN, and often that is
>>> enough to make some operators consider email arriving as less
>>> trustworthy.
>> Yes, it does point to professionalism. Is the operator of the mail service
>> professional enough to use only valid criteria in filtering mail, or do they
>> make arbitrary, uninformed, cargo-cult decisions about what filtering
>> criteria to use?
> How do you know whether they did the first or the latter?

In this specific instance, I don't know. But I've seen the latter done
so many times that I can't dismiss the possibility.

Another disturbing thing I've seen is people essentially making up their
own rules based on their own prejudices about what "professional"
operators "should" do when sending mail.

(As an aside, I've come to realize that use of the word "professional"
and derivatives thereof is a lot like use of phrases like "it is clear
that" or comparisons with "reality" - all of these are often indicators
of prejudice and/or unexamined assumptions. The speaker may be
accepting his/her assumptions without question and expecting the
audience to do the same.)

> Sure, the wrong explanation ("RFC 2821 violation", when there was in
> fact no such violation, and RFC 2821 isn't even the relevant RFC
> anymore) strongly suggests that whoever implemented that filter wasn't
> exactly firm in their knowledge about protocol details.
> But it is still possible that they analyzed a large collection of SMTP
> sessions and found that this specific test reduced spam by X % at a
> false positive rate of Y % (with Y very close to 0). That would make the
> decision very much informed and non-arbitrary and the criterion valid.

I might agree with you about that, IF the analysis were carefully
designed, AND it were performed accurately on a statistically valid
sample, AND the analysis were repeated at frequent intervals, AND the
required FP rate were established in advance by policy and not merely on
a whim. But in my experience, usually none of these is true.

Note also in this case - where the presence of an IP address literal in
EHLO is used as the sole criterion for rejecting a message before the
message is actually transferred to the server - there's no opportunity
to consider other criteria such as sender address validity, DKIM or
other indications of authenticity, or the content of the message
itself. To justify rejecting a message on a single test that is
entirely unrelated to the content, I'd expect that test to have an
extremely low FP rate, much better than one considered "good enough"
when used in conjunction with other tests.

Keith

p.s. I don't accept presence of an IP address literal in EHLO as a valid
test for spam simply because I've seen too many servers reject mail
because they didn't like the DNS name presented in EHLO. While "real"
servers on the public Internet probably do have DNS names, there are
operational reasons to justify not using them in EHLO. Who is to say
which choices are "professional"? I think it's a silly game, and we
shouldn't pretend like we can build a reliable email service by
encouraging such games.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
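
The kind of analysis discussed in this message, as an added example that is not part of the original post or of any mail software mentioned in the thread: it classifies EHLO arguments using the RFC 5321 syntax (which permits an address literal) and bounds the false-positive rate of a "reject on address literal" rule against a threshold fixed in advance. The function names, the 0.1 % policy threshold, the choice of a Wilson score interval and the sample sessions are all assumptions made for illustration.

```python
import ipaddress
import math
import re

# RFC 5321 section 4.1.1.1: EHLO takes a Domain or an address-literal, so
# "[192.0.2.1]" is valid syntax. (General-address-literal is not handled.)
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")

def classify_ehlo(arg: str) -> str:
    """Return 'address-literal', 'domain' or 'invalid' for an EHLO argument."""
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        try:
            if body[:5].upper() == "IPV6:":
                ipaddress.IPv6Address(body[5:])
            else:
                ipaddress.IPv4Address(body)
            return "address-literal"
        except ValueError:
            return "invalid"
    return "domain" if _DOMAIN.match(arg) else "invalid"

def wilson_upper(fp: int, n: int, z: float = 1.96) -> float:
    """Upper end of the Wilson score interval for an observed rate fp/n."""
    if n == 0:
        return 1.0  # no data: nothing can be claimed about the rate
    p = fp / n
    centre = p + z * z / (2 * n)
    margin = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return (centre + margin) / (1 + z * z / n)

def evaluate_rule(sessions, max_fp_rate: float) -> dict:
    """sessions: (ehlo_arg, is_spam) pairs. Rule under test: reject literals."""
    ham = [arg for arg, is_spam in sessions if not is_spam]
    fp = sum(1 for arg in ham if classify_ehlo(arg) == "address-literal")
    upper = wilson_upper(fp, len(ham))
    return {"ham": len(ham), "fp": fp, "fp_upper": upper,
            "meets_policy": upper <= max_fp_rate}

# Constructed sample, not real traffic: 200 legitimate sessions (one using an
# address literal) and 50 spam sessions.
SAMPLE = ([("mail.example.org", False)] * 199 + [("[192.0.2.25]", False)]
          + [("[198.51.100.7]", True)] * 30 + [("host.example.net", True)] * 20)

if __name__ == "__main__":
    print(evaluate_rule(SAMPLE, max_fp_rate=0.001))
```

With 200 legitimate sessions the upper bound stays near 2 % even when no false positive is observed, so a sample of this size cannot support a sole-criterion reject rule held to a 0.1 % policy.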