Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Russ Allbery <eagle@eyrie.org> Sun, 27 September 2020 16:32 UTC

From: Russ Allbery <eagle@eyrie.org>
To: "John R Levine" <johnl@taugh.com>
Cc: "Keith Moore" <moore@network-heretics.com>, ietf-smtp@ietf.org
In-Reply-To: <46d012a7-f938-741b-95dc-23d37a26cb39@taugh.com> (John R. Levine's message of "27 Sep 2020 11:40:27 -0400")
Organization: The Eyrie
References: <20200927052221.E0A1A21D3A2D@ary.qy> <198daf90-b3dd-de01-88a0-e9d961feddda@network-heretics.com> <9ad77523-9c98-2249-d01c-80ecc6a96fa@taugh.com> <5e0239fb-9511-c8ae-e4a4-62b9caa2c861@network-heretics.com> <46d012a7-f938-741b-95dc-23d37a26cb39@taugh.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
Date: Sun, 27 Sep 2020 09:32:52 -0700
Message-ID: <87d027rxhn.fsf@hope.eyrie.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/ZGOBbhaW6JU7ejIMGNXddAwXEnw>

"John R Levine" <johnl@taugh.com> writes:

>>> Anything that comes from a dynamic or NAT pool is invariably spam from
>>> a botnet.

>> No, because nobody is looking that closely.

> Sorry, but you're just wrong.  We absolutely look that closely.  I know
> people who maintain pools of patterns to recognize dynamic pool rDNS
> which lots of people use in their spam scoring.

It's effectively impossible to get reliable mail delivery from a dynamic
pool these days because of how frequently it is used for spam (so
providers start blocking outbound 25) and as a spam signature (because
it's so frequently used for spam).  Therefore people (like me) who would
happily be sending mail directly from dynamic ranges instead configure our
systems to route through a cloud server with a static IP address, and
therefore show up in your statistics as reinforcing that all mail comes
from static IPs.

In other words, I think you're both right.  Keith is clearly correct that
we accepted a whole lot of false positives and discarded a lot of valid
mail when we started down the path of blocking all mail from dynamic
ranges, but that was the tradeoff decision that most of the mail
recipients made at the time (for defensible reasons).  It's now become a
self-sustaining situation: it's so widely known that dynamic ranges are
just spam that deliverability is awful, and therefore legitimate senders
are effectively forced to go to extra expense to avoid using dynamic ranges,
and therefore nearly all mail still sent from dynamic ranges is spam.

I think one can argue about whether or not it was a bad tradeoff, but at
this point I think it's water under the bridge and I find it hard to
imagine how we would reverse those decisions.  They weren't standards
decisions; they were decisions made by an ad hoc consensus of mail
recipients.

-- 
Russ Allbery (eagle@eyrie.org)             <https://www.eyrie.org/~eagle/>