Subject: Re: Greg Woods - please fix your mailer!
To: None <current-users@NetBSD.ORG>
From: Bill Studenmund <email@example.com>
Date: 07/06/1998 20:39:53
[obviously I can't respond directly :-]
On Mon, 6 Jul 1998, Greg A. Woods wrote:
> [ On Mon, July 6, 1998 at 20:41:21 (-0500), firstname.lastname@example.org wrote: ]
> > Subject: Re: Greg Woods - please fix your mailer!
> > In message <email@example.com>, David Maxwell writes:
> > >The RFCs specifically state that an MTA MUST NOT accept a message unless
> > >it can guarantee being able to return error messages. By using a From: address
> > >with a host portion which has no MX, the mailer cannot be assured of its
> > >ability to return errors.
> Well, as far as I know the RFCs aren't terribly specific either way on
> the exact requirements of the SMTP envelope sender address. However
> David's conclusion is entirely correct. RFC1123 section 5.3.3 is very
> specific about what lengths a receiving SMTP host must go to ensure that
> it will not lose a message regardless of whether or not it can be
> delivered. This means it must ensure that the sender address is valid
> so that, as David says, errors can be reliably returned. The only two
> ways I know to ensure in real time that an address is valid are to
> either assume it will be so because an MX record exists for the domain
> in question, or to actually try connecting to the sending host's SMTP
> port and VRFY or EXPN the sender address. The latter is still too
> expensive and unreliable and the former is far better than nothing.
> If you folks will pay attention to the world around you I think you'll
> find that my site, and other modern smail sites, are far from the only
> sites and mailers that are enforcing sender address verification even to
> the limit of requiring a valid MX for the sender address domain.
Address verification via DNS is good...
> BTW, there's little or no benefit for spam prevention in this
> verification. Spammers are free to use the required "empty" return
> address ("<>") and many are learning to do so. (Of course those that
> aren't smart enough to realize this will inevitably use an invalid
> sender address because they've got this strange ego thing about making
> up bogus addresses.)
> > I was under the impression that the official behavior was to use the A record
> > as an MX if there isn't an MX listed.
> There's a *HUGE* difference between being a "sending SMTP" host and a
> "receving" one....
> Even this requirement from RFC974 (and re-enforced by RFC1123) requiring
> support for sending to hosts with only 'A' records should have been
> eliminated a decade ago. Such nonsense is absolutely barbaric.
Why? Why do I have to have two entries (MX and A) for a host, if that host
is perfectly capable of receiving its own mail?
I like the idea of verifying the DNS entry for a host, but why reject the
case when you get no MX and an A? You are in a position to send back an
error message (well, as good a position as you are with an MX record). ??