Keith Moore writes:

3. 821, 1123, and subsequent revisions all seem to be based on the
assumption that if you're operating an SMTP server, you're trying in good
faith to deliver (legitimate) email reliably. I'm not sure this assumption

And you should have a pretty good idea of what your IP address is.

Seen from that perspective, maybe 5321's language about EHLO arguments could
use some updating along the following lines:
- For very many reasons [which could be listed, or not], SMTP servers have
no reasonable expectation of being able to determine the validity or
legitimacy of a message based on comparison of the EHLO command argument
with anything else at all. Therefore if what you're trying to do is
reliably deliver legitimate mail (for some meaning of legitimate),
validation of EHLO arguments is useless and strongly NOT RECOMMENDED.

The exact phraseology is only secondary. The point I was making is that I
see that EHLO/HELO validation is employed in practice, and it is in
practical use. And based on my own experience, it is highly effective. Like
I said, in 20+ years I've been doing strict domain validation on HELO/EHLO I
do not recall a single false positive, and a mind-boggling amount of crap
that got blocked.
And I think that in practical situations this is going to outrank, in
people's minds, any demand that they MUST NOT do that.

Of course, if your goal is really to discard mail for no good reason, and
you're not handling incoming mail for anyone but yourself, have at it!
Just have the decency to blackhole the mail rather than bounce it, since
you're really not doing anyone any favors.

On that point I'll also have to disagree. It's better to reject the mail
with a 5xx than /dev/null it.