On Sat, Apr 19, 2014 at 8:31 AM, Ned Freed
<ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote:
"If the RFC5322.From domain does not exist in the DNS, Mail Receivers
SHOULD direct the receiving SMTP server to reject the message."
As far as I can tell, that bit of poor advice hasn't been implemented.
Why is that poor advice? It's not uncommon for an MTA receiving mail to
confirm that the message is replyable, at least insofar as an A and MX
are
available for whatever comes after the "@".
It's outrageously poor advice, for the simple reason that there's all
kinds of
legitimate email that's sent for all kinds of different reasons that you
don't
want people to be able to reply to. And the sooner they get a failure when
they
try and reply, the better.
As such, the ability to reply to the RFC5322.From tells you almost nothing
about its legitimacy.
It's yet another case where a failure to consider the multiple semamtics
field like RFC5322.From has, and designing to a subset of those designs,
ends up screwing things up.
If you say so, but I can't think of an example off the top of my head. Is
that still a currently-used tactic? Most of the examples I can think of
involve a valid address that produces an automated response when someone
replies, rather than using something that is completely unreachable.
I seem to recall common use of From: field validation back when that
capability was introduced into open source sendmail as an anti-spam tactic,
though it was never supported by the vendor directly. Maybe it's less
common now.
-MSK