Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Richard Clayton <richard@highwayman.com> Mon, 28 September 2020 00:52 UTC

Return-Path: <richard@highwayman.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 057703A09C0 for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 17:52:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mcOqMbYEp4yL for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 17:52:38 -0700 (PDT)
Received: from mail.highwayman.com (mail.highwayman.com [82.69.6.249]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E084B3A0985 for <ietf-smtp@ietf.org>; Sun, 27 Sep 2020 17:52:37 -0700 (PDT)
Received: from localhost ([127.0.0.1]:53726 helo=happyday.al.cl.cam.ac.uk) by mail.highwayman.com with esmtp (Exim 4.94) (envelope-from <richard@highwayman.com>) id 1kMhP9-0006Cg-Si for ietf-smtp@ietf.org; Mon, 28 Sep 2020 00:52:35 +0000
Message-ID: <s1Gob6BEOTcfFAg3@highwayman.com>
Date: Mon, 28 Sep 2020 01:51:16 +0100
To: ietf-smtp@ietf.org
From: Richard Clayton <richard@highwayman.com>
References: <402e7482-394f-e077-48b9-c9e47047c49d@dcrocker.net> <55218bbd-b001-ae3f-1afd-e4328ec7ba35@network-heretics.com> <c6b5dae5-d20a-c876-ce5a-86e1d073cf8f@dcrocker.net> <c4a66db8-e3f5-3f6f-acb0-afe01a69a27a@network-heretics.com> <cone.1601250950.437858.35945.1004@monster.email-scan.com> <ac132a1a-ec83-1ec6-dd34-85fd3bba95c5@network-heretics.com> <cone.1601252021.530626.35945.1004@monster.email-scan.com> <6330c607-5ede-4766-1823-5c8be8a9097b@network-heretics.com>
In-Reply-To: <6330c607-5ede-4766-1823-5c8be8a9097b@network-heretics.com>
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Turnpike Integrated Version 5.03 M <74w$+3BX77vcrNKLsib+d+vSDo>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/3ugZNy7NT9W2IBjItP-B48SpcvU>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Sep 2020 00:52:40 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <6330c607-5ede-4766-1823-5c8be8a9097b@network-heretics.com>om>,
Keith Moore <moore@network-heretics.com> writes

>But this is a silly discussion.  

It seems backwards from where it started ... which effectively came down
to what would be good advice to proffer to a client to ensure that their
email deliverability improved.  The good advice "why don't you make sure
that forward and reverse DNS match up and say EHLO in a consistent
manner" is difficult (as has been pointed out) for some clients to
follow ... and that's why IMO it ends up as a SHOULD rather than a MUST.

>I certainly acknowledge that spam 
>filtering is hard, and that the state of the art is to use unreliable 
>heuristics.   

I would disagree ... state of the art is ML clustering algorithms using
a wide range of signals, where even the people who developed the systems
find it fairly hard to reliably predict beforehand which of those
signals are going to be of real significance.

Since the only practical way of tuning these algorithms is end-user
free-back that means that special precautions are needed to (a) ensure
that the bad guys do not detune them by "gaming" and (b) that even if
large numbers of people give the feedback that their cellphone bill is
spam this does not override the fact that treating everyone's cellphone
bill as spam would not be a Good Thing

"Heuristics" ... that is, human generated rules which give consensus
"scores" to the spammy-ness of email are far less effective (and we have
25 or so years of experience to demonstrate that).

Now of course, tuning the ML clustering algorithms is especially
difficult if you don't see enough email (ie not billions a day) because
almost everything is too unique to cluster.  But that doesn't make
heuristics "state of the art" -- it just indicates that there's a
failure to by the community as a whole (rather than a handful of very
large providers) to develop ways to share pre-tuned clustering models. 

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBX3EzhN2nQQHFxEViEQIZowCbB2kg8fm+bD0uvFXBuAMf6ZnmhL4AoKb0
XDOxuYBLPPjrfd8jrC0l9cj8
=6asf
-----END PGP SIGNATURE-----