[Top] [All Lists]

Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

2020-09-27 07:58:43
Keith Moore writes:

3. 821, 1123, and subsequent revisions all seem to be based on the assumption that if you're operating an SMTP server, you're trying in good faith to deliver (legitimate) email reliably.   I'm not sure this assumption

And you should have a pretty good idea of what your IP address is.

Seen from that perspective, maybe 5321's language about EHLO arguments could use some updating along the following lines:

- For a very many reasons [which could be listed, or not], SMTP servers have no reasonable expectation of being able to determine the validity or legitimacy of a message based on comparison of the EHLO command argument with anything else at all.   Therefore if what you're trying to do is reliably deliver legitimate mail (for some meaning of legitimate), validation of EHLO arguments is useless and strongly NOT RECOMMENDED.

The exact phraseology is only secondary. The point I was making is that I see that EHLO/HELO validation is employed in practice, and it is in practical use. And based on my own experience, it is highly effective. Like I said, in 20+ years I've been doing strict domain validation on HELO/EHLO I do not recall a single false positive, and a mind-boggling amount of crap that got blocked.

And I think that in practical situations this is going to outrank, in peoples' minds, any demand that they MUST NOT do that.

Of course, if your goal is really to discard mail for no good reason, and you're not handling incoming mail for anyone but yourself, have at it!   Just have the decency to blackhole the mail rather than bounce it, since you're really not doing anyone any favors.

On that point I'll also have to disagree. It's better to reject the mail with a 5xx, than /dev/null it.

Attachment: pgpXSy6s5ybke.pgp
Description: PGP signature

ietf-smtp mailing list