Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Keith Moore <> Sun, 27 September 2020 19:53 UTC


On 9/27/20 3:24 PM, John R Levine wrote:

> We have a problem that I think is insoluble: there is a long tail of 
> mail senders, most of the people in the tail don't know what they're doing,

The bar for "knowing what you're doing" has been raised considerably.   
What used to be simple has become a black art.

> and spammers have made it impossible to give senders the benefit of 
> the doubt. Given the prevalence and maliciousness of spam, much of 
> which comes from compromised hosts whose nominal owners have no clue, 
> if it doesn't look squeaky clean, it's probably malware. 

Every time I see a statement like that that doesn't even consider the 
false positive rate, my bogometer pegs. It's like the elephant in the
room that nobody wants to talk about.


p.s. However, we don't have to revisit the whole spam problem in order 
to decide what 5321bis should say about EHLO verification.