Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Richard Clayton <richard@highwayman.com> Sun, 04 October 2020 17:52 UTC

Return-Path: <richard@highwayman.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 361B23A0964 for <ietf-smtp@ietfa.amsl.com>; Sun, 4 Oct 2020 10:52:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xuhkJHqZMSZd for <ietf-smtp@ietfa.amsl.com>; Sun, 4 Oct 2020 10:52:42 -0700 (PDT)
Received: from mail.highwayman.com (mail.highwayman.com [82.69.6.249]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C2283A095D for <ietf-smtp@ietf.org>; Sun, 4 Oct 2020 10:52:41 -0700 (PDT)
Received: from localhost ([127.0.0.1]:45671 helo=happyday.al.cl.cam.ac.uk) by mail.highwayman.com with esmtp (Exim 4.94) (envelope-from <richard@highwayman.com>) id 1kP8Bc-000Inp-4Y for ietf-smtp@ietf.org; Sun, 04 Oct 2020 17:52:40 +0000
Message-ID: <KWmRTmBNvgefFAnC@highwayman.com>
Date: Sun, 4 Oct 2020 18:52:13 +0100
To: ietf-smtp@ietf.org
From: Richard Clayton <richard@highwayman.com>
References: <20200928221602.046CE22A35B3@ary.qy> <ADA8052C-2B7D-4C50-8FFF-A3D88EC3BA58@isc.org> <ab8886ec-79b1-a89c-da38-dfe5a6e681@taugh.com> <a692482a-7777-5743-0820-894dbe7314b0@network-heretics.com> <1c1856a5-ae46-48a0-84cd-66eafb543fa9@gulbrandsen.priv.no>
In-Reply-To: <1c1856a5-ae46-48a0-84cd-66eafb543fa9@gulbrandsen.priv.no>
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Mailer: Turnpike Integrated Version 5.03 M <vG0$+PSD77vpCMKLbmX+duWByj>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/YUvVwk237eAv7Gf0rqm01XfyQ_s>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Oct 2020 17:52:44 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <1c1856a5-ae46-48a0-84cd-66eafb543fa9@gulbrandsen.priv.no>no>,
Arnt Gulbrandsen <arnt@gulbrandsen.priv.no> writes
>On Sunday 4 October 2020 11:49:29 CEST, Keith Moore wrote:
>> Please cite these "well established anti-abuse metrics" because 
>> they should not be accepted as valid without question.
>
>Actually, a significant set of email senders do question and do not accept 
>them, so you're in a lot of company here, even if it may not be very good 
>company ;)

"metrics" means measurement -- it's more heuristics as to how you should
configure and run your system.  About 7 years ago I helped put together
a consensus view of what these heuristics might be for production
systems (ie ones where you really cared whether they worked).

It never got published, not least because the first few pieces of
excellent advice were not seen as something that it was desirable by the
potential publisher to endorse.

That doesn't in my view (and those who helped compile the list) stop
this from being excellent advice -- it's kind of a clue test, if you
cannot obtain an IPv4 address then you probably should not be sending
email at scale. One day that will change, and standards writers may wish
to look into the far future so will not include short-term
considerations in their output. For the next few years however:

*  Use a static IPv4 address for your email system

*  Do not share this IPv4 address with user machines

*  Do not host your email system ‘in the cloud’

*  Make sure that your IP address is not listed in the PBL

*  Provide an MX record

*  Provide meaningful and consistent reverse DNS

*  Your system should say HELO (or EHLO) with its hostname

*  Keep your software completely up-to-date

*  Use a submit port with effective authentication or strict
   IP access controls

*  Limit outgoing email volumes

*  Accept reports of problems with your systems

*  Review the mail system logs on a regular basis

*  Ensure your system is highly reliable

*  Don’t create backscatter

*  Maintain a good reputation

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBX3oLzd2nQQHFxEViEQLbwwCg+ue1rLkX4KkwHV8L58AmNAf8NsoAoOVQ
RIR0X//CXCtR5JzyBf2fcwpu
=ydt6
-----END PGP SIGNATURE-----