Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Keith Moore <moore@network-heretics.com> Sun, 04 October 2020 21:57 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95CB43A0A3A for <ietf-smtp@ietfa.amsl.com>; Sun, 4 Oct 2020 14:57:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.213, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FxpWPvdspl1n for <ietf-smtp@ietfa.amsl.com>; Sun, 4 Oct 2020 14:57:17 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60F3C3A0A39 for <ietf-smtp@ietf.org>; Sun, 4 Oct 2020 14:57:17 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 1D34C91A; Sun, 4 Oct 2020 17:57:16 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Sun, 04 Oct 2020 17:57:16 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=LFCj0bNTAHZFtqZDkuGgyjijlbdn7EHAEoy4r/FQ5 tw=; b=J7MLc3ewL+E6L/JxTBfuauujpXF8pxQQhyVcROe2uyra8dbGlkHjS41Fr V5it9FXKJOBwCRcVDlO76A//JdGTe+qs0b8DbdCAQ5abXfhgM0aWZKSxKkX12s21 +TULxjQXWBcqUAlc7Jh/Q03bU6HwpEGxSYhd582a1iBvHazlYJfPYogjSxoXDpi0 4TLrx/mREKbhPPKAojEsbJmsCfW6JyD8JhmOmcFfy2XA7xQX2J4CtDJJDL684lj+ 7mUT8LcvBnxbO6J3+pkwZwDO08+HL7T6ry1V/7BXWTmP+ird3z8i8NNiHvYmIVYv j5yac+h5pgHCXb4ustuX0WcSZok7Q==
X-ME-Sender: <xms:OkV6X3OZRkHbtbMuPoaxNJRFLEaqGYytRArAocwlf2zyBzPT0S8McA> <xme:OkV6Xx_E5rAkFCexKh73Qf7kkMi9tuHbOrL5ngTfMnSGA6OiwlbJOt_ds1U8KtpOl 3c-KnGLtJAjiA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrgedugddthecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefuvfhfhffkffgfgggjtgfgsehtkeertddtfeejnecuhfhrohhmpefmvghithhh ucfoohhorhgvuceomhhoohhrvgesnhgvthifohhrkhdqhhgvrhgvthhitghsrdgtohhmqe enucggtffrrghtthgvrhhnpeehhfeutdehfefgfefghfekhefguefgieduueegjeekfeel leeuieffteefueduueenucfkphepuddtkedrvddvuddrudektddrudehnecuvehluhhsth gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhoohhrvgesnhgvthif ohhrkhdqhhgvrhgvthhitghsrdgtohhm
X-ME-Proxy: <xmx:OkV6X2SzaUwyYtyVEaHMByi8ef0OH8u-ImaRtPF_nB9fjNcdIlM8oQ> <xmx:OkV6X7ulQN0jEwPQjMWUlGbYHGlL3Reb8L29bcv506ya05JkaVsWYg> <xmx:OkV6X_dWFHj-1vyC-wdAtrYnHHrfyGXIVi4jsbAoiTEzrxoe_RPw9A> <xmx:O0V6X5qfV2otlZ2wozwYOugJnqR398NXLUSVRf3dUPv_UN7oV13JCA>
Received: from [192.168.1.85] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id B12C23064610; Sun, 4 Oct 2020 17:57:14 -0400 (EDT)
To: John Levine <johnl@taugh.com>, ietf-smtp@ietf.org
References: <20201004214603.5C63B22EE214@ary.qy>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <3b9f2e02-24e7-a3c6-d763-e07eb2912fb2@network-heretics.com>
Date: Sun, 4 Oct 2020 17:57:14 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20201004214603.5C63B22EE214@ary.qy>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/2RpuieFH9-4QgOVxt9e9EjB7GPE>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Oct 2020 21:57:19 -0000

On 10/4/20 5:46 PM, John Levine wrote:

> *  Do not host your email system ‘in the cloud’
>> I'm not sure what this actually means or why it's still a bad idea.
>> Cloud hosting makes a lot of sense for various reasons.
> It's a bad neighborhood, since you can expect your neighbors to be
> poorly managed botted spam-spewing web servers. It varies by cloud
> provider but the median is pretty bad.

Is it really fair to assess senders based on their "neighborhoods"? At what point does this depart from common sense and into the realm of pure prejudice? ("That IP address is from across the tracks, which is a bad part of the net.")

And again, what does "in the cloud" actually mean? Is renting a server in a rack at some hosting provider really better than renting a VM, or is it necessary to originate mail from your own address block that's routed to your enterprise network?

In most respects outsourcing of server provisioning, maintenance, and connectivity has become normal, widely accepted, often recommended practice. Why should email be different?

It's hard to escape the impression that a lot of spam filters are based on imposing completely arbitrary restrictions on senders, on the belief that "good senders" will know which hoops they have to jump through (and have sufficient funding to do so) while "bad senders" won't.

>> Is there a more recent standard for doing so than postmaster@?
> Um, RFC 2142 published 23 years ago.

OK, fine. I was wondering if some sort of other channel for this had been established in the last couple of decades that I hadn't heard of.

Keith