Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Alessandro Vesely <vesely@tana.it> Mon, 05 October 2020 10:53 UTC

Return-Path: <vesely@tana.it>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C78CC3A0140 for <ietf-smtp@ietfa.amsl.com>; Mon, 5 Oct 2020 03:53:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.31
X-Spam-Level:
X-Spam-Status: No, score=-2.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id phFXfkWeCZ9b for <ietf-smtp@ietfa.amsl.com>; Mon, 5 Oct 2020 03:53:32 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 957473A00E0 for <ietf-smtp@ietf.org>; Mon, 5 Oct 2020 03:53:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1601895208; bh=MkRmZg3/Ud7J+YMynDBiLTGTYOQa0svHF4KX5lrrtQU=; l=724; h=To:References:From:Date:In-Reply-To; b=A84DT0yLMDwPqokF/E+AkSmtulZMx6x68uy5vxISO3873GkHdFyXGQL4nYKBPq77r y4izD8Sp9hKpG3r/DkuaIr9zbhim8i24tFN6tRLWhfQbviR3u6MaoOyW3nnuj9syMZ Gp6LnqDIZu60RaqZchR9e0iLHgBhDipztD/FKzHIHhy8Iezs5i789Qop6vcdQ
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC053.000000005F7AFB28.00004855; Mon, 05 Oct 2020 12:53:28 +0200
To: Keith Moore <moore@network-heretics.com>, John Levine <johnl@taugh.com>, ietf-smtp@ietf.org
References: <20201004214603.5C63B22EE214@ary.qy> <3b9f2e02-24e7-a3c6-d763-e07eb2912fb2@network-heretics.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <51bde0f5-6828-1190-44ba-bd92a9d828d4@tana.it>
Date: Mon, 5 Oct 2020 12:53:28 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <3b9f2e02-24e7-a3c6-d763-e07eb2912fb2@network-heretics.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/AU-9dYbIQ8A2Lsb8Kd2Dq4iNne4>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2020 10:53:34 -0000

On Sun 04/Oct/2020 23:57:14 +0200 Keith Moore wrote:
> On 10/4/20 5:46 PM, John Levine wrote:
>> 
>>> Is there a more recent standard for doing so than postmaster@?
>> Um, RFC 2142 published 23 years ago.


I'm surprised John didn't mention RFCs 7480-7484.  Nowadays you can get the 
email address of an ISP's abuse team by just feeding a simple command line 
program with the culprit IP address.

No need to tentative postmaster or abuse addresses at some guessed domain names 
or network abuse clearinghouses.

Oh, well, some ISPs have no abuse team or don't publish its email address. 
Whether LIRs should mandate responsive abuse teams is yet another 
purists-vs-realists quibbling subject.


Best
Ale
--