On Wed, 1 Jan 2020, Keith Moore wrote:
In my mind the question is: how to explain to ordinary operators,
administrators, IoT device vendors, etc. how to make this work well? If
someone is developing an IoT device that needs to send mail, what is that
device required to do, what configuration options should it offer, etc.?
A BCP for submission configuration advice wouldn't be a bad idea. I don't
think it needs to be very complicated but you're right that stuff that
seems obvious to us is not to other people. I don't know much about
embedded environments but I think we could suggest some best practices,
e.g., if the recipient needs the IP address of the sending device, put it
in the message and don't depend on recovering it from the envelope or From
header.
R's,
John
PS:
p.s. I somehow doubt that we should recommend authentication based only on IP
address at any level, though. That's poor practice even for a small
network that assigns static IP addresses to all of its hosts. More broadly
there's a widespread misconception that isolated networks are not subject to
security threats or that perimeter defenses are sufficient to protect them,
It sounds like you may be conflating "authenticated" and "good". The
point of authenticating submissions is so that you know where they're
coming from, and you're not an open relay for every random hostile host in
the world, not that you know it's mail the recipient wants. A device can
be compromised or just have a bug and suddenly decide that it has 86,400
overdue update messages it needs to send right now through its 100%
authenticated submission channel. That's why submission servers need
sanity checks on the mail they handle._______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp