Subject: Re: Greg Woods - please fix your mailer!
To: None <current-users@NetBSD.ORG>
From: Greg A. Woods <email@example.com>
Date: 07/06/1998 22:58:47
[ On Mon, July 6, 1998 at 20:41:21 (-0500), firstname.lastname@example.org wrote: ]
> Subject: Re: Greg Woods - please fix your mailer!
> In message <email@example.com>, David Maxwell writes:
> >The RFCs specifically state that an MTA MUST NOT accept a message unless
> >it can guarantee being able to return error messages. By using a From: address
> >with a host portion which has no MX, the mailer cannot be assured of its
> >ability to return errors.
Well, as far as I know the RFCs aren't terribly specific either way on
the exact requirements of the SMTP envelope sender address. However
David's conclusion is entirely correct. RFC1123 section 5.3.3 is very
specific about what lengths a receiving SMTP host must go to ensure that
it will not lose a message regardless of whether or not it can be
delivered. This means it must ensure that the sender address is valid
so that, as David says, errors can be reliably returned. The only two
ways I know to ensure in real time that an address is valid are to
either assume it will be so because an MX record exists for the domain
in question, or to actually try connecting to the sending host's SMTP
port and VRFY or EXPN the sender address. The latter is still too
expensive and unreliable and the former is far better than nothing.
If you folks will pay attention to the world around you I think you'll
find that my site, and other modern smail sites, are far from the only
sites and mailers that are enforcing sender address verification even to
the limit of requiring a valid MX for the sender address domain.
BTW, there's little or no benefit for spam prevention in this
verification. Spammers are free to use the required "empty" return
address ("<>") and many are learning to do so. (Of course those that
aren't smart enough to realize this will inevitably use an invalid
sender address because they've got this strange ego thing about making
up bogus addresses.)
> I was under the impression that the official behavior was to use the A record
> as an MX if there isn't an MX listed.
There's a *HUGE* difference between being a "sending SMTP" host and a
Even this requirement from RFC974 (and re-enforced by RFC1123) requiring
support for sending to hosts with only 'A' records should have been
eliminated a decade ago. Such nonsense is absolutely barbaric.
Greg A. Woods
+1 416 443-1734 VE3TCP <firstname.lastname@example.org> <robohack!woods>
Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>