Re: [Asrg] Some data on the validity of MAIL FROM addresses

[Michael Rubel <asrg@mikerubel.org>]

Yakov Shafranovich wrote:
> See RFC 2821, section 3.1.:
> 
> ---snip----
>     However, in practice, some servers do not perform recipient
>     verification until after the message text is received.  These servers
>     SHOULD treat a failure for one or more recipients as a "subsequent
>     failure" and return a mail message as discussed in section 6.
> ---snip----
> 
> Even thought it might be recommended to do processing in real-time, in 
> practice many systems do not and will not. We must be take that into account. 

I agree with Yakov, and would even go further.  I think smtp-session
reject is falling out of favor and will eventually disappear.

There are strong reasons to prefer accept-then-bounce or even filter to 
reject.

(1) Reject gives feedback about your system to would-be bad
    guys--including dictionary spammers--in a much faster and more 
    reliable way.  Sysadmins rightly want to give out as little 
    information as possible, because that's standard practice anywhere
    security is involved.

(2) Reject is a less flexible mechanism.  Accept-then-bounce or filter 
    allows recipients to work around certain obselete or overzealous
    systems.

(3) Senders have come to understand that messages get incorrectly
    filtered as spam sometimes; they no longer expect to recieve an
    immediate rejection if there is a problem delivering a message.

Like ident, smtp-reject has some usefulness inside private networks, but
one shouldn't expect to see it widely used on the public Internet.

Mike


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg