Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Keith Moore <moore@network-heretics.com> Sun, 27 September 2020 02:00 UTC

To: ietf-smtp@ietf.org
References: <cone.1600468578.784468.161845.1004@monster.email-scan.com>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <da460777-824b-1f13-be7c-32bfa9664d02@network-heretics.com>
Date: Sat, 26 Sep 2020 22:00:10 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/EiV41muw_YBCj5Y7X_xTv2hyDr0>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Sorry, there's a piece of this that I neglected to address in my earlier reply:

On 9/18/20 6:36 PM, Sam Varshavchik wrote:
>
> Courier has an optional setting that can be enabled, that verifies 
> that "the domain name argument in the EHLO command actually correspond 
> to the IP address". I have it enabled. It's one of my most successful 
> spam filters. It's very valuable to me. It's possible that there were
> one or two instances in the last 25 or so years when I found out that 
> this rejected something that wasn't junk, but I don't immediately 
> recall a single one. I'll stipulate that there might've been one or 
> two times, and that's a pretty good record.
>
I didn't intend to dismiss or ignore this input. I believe you when you say it's been a good spam filter for you.

At some point in the past, this was _not_ a reliable spam filter. To me the fact that it works as a spam filter today seems like mere circumstance or accident; I don't see any inherent reason that it will be a reliable spam filter going into the future. Spammers do learn, if slowly, so if they have to learn to make sure their EHLO arguments match their source IP addresses, they'll do that. In the long term, I don't think this check helps anything.

SMTP has been around for nearly 40 years now (close enough to round up). Are we intending this standard to be applicable for decades past, only today as a snapshot in time, or decades into the future? I would argue that it's the latter, and that SMTPbis should make recommendations that there's reason to believe will hold up over time.

Separate from all of this, there is an emerging set of (as far as I know) largely-unwritten "rules" for how to make your outgoing mail appear legitimate enough so as to not get flagged by spam filters as often. This is a mess because most of those "rules" are basically ad hoc and not based on any long-term reliable indicators of message legitimacy. But these rules seem certain to keep changing, so IMO it makes sense to keep them out of the (hopefully long-term stable) SMTP spec.

Keith
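The check under discussion, "the domain name argument in the EHLO command actually corresponds to the IP address", written out as an added example; this is not code from the thread or from Courier. It accepts the two EHLO argument forms RFC 5321 allows (a domain or an address literal) and compares against the connecting peer. The resolver is a constructed in-memory table standing in for real DNS, and the function names are my own.

```python
import ipaddress
import re

# RFC 5321 allows the EHLO argument to be a domain or an address literal
# such as [192.0.2.10] or [IPv6:2001:db8::1].
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")

# Constructed DNS table standing in for a real forward lookup (assumption:
# a resolver returns the A/AAAA addresses of a name, or nothing).
FAKE_DNS = {
    "mta.example.com": ["192.0.2.10", "2001:db8::10"],
    "mail.example.net": ["198.51.100.7"],
}


def resolve(name):
    """Forward-resolve a name using the constructed table above."""
    return FAKE_DNS.get(name.lower(), [])


def parse_ehlo_arg(arg):
    """Classify an EHLO argument: ('literal', ip), ('domain', name) or ('invalid', arg)."""
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        try:
            return "literal", ipaddress.ip_address(inner)
        except ValueError:
            return "invalid", arg
    if DOMAIN_RE.match(arg):
        return "domain", arg
    return "invalid", arg


def ehlo_matches_peer(arg, peer_ip, resolver=resolve):
    """Return (ok, reason); ok is True when the EHLO argument corresponds to peer_ip.

    This is the heuristic the thread debates: a match says the client named
    itself consistently, nothing more; a mismatch is one signal among others.
    """
    peer = ipaddress.ip_address(peer_ip)
    kind, value = parse_ehlo_arg(arg)
    if kind == "invalid":
        return False, "ehlo argument is neither a domain nor an address literal"
    if kind == "literal":
        return value == peer, "address literal compared with peer"
    addrs = [ipaddress.ip_address(a) for a in resolver(value)]
    if not addrs:
        return False, "ehlo domain does not resolve"
    return (peer in addrs), ("ehlo domain resolves to peer" if peer in addrs
                             else "ehlo domain resolves elsewhere")
```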