Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Dave Crocker <> Sun, 27 September 2020 20:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CDF413A0BDB for <>; Sun, 27 Sep 2020 13:09:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.112
X-Spam-Status: No, score=-2.112 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.213, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id G6rtzuga2QaF for <>; Sun, 27 Sep 2020 13:09:05 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 89C713A0BD7 for <>; Sun, 27 Sep 2020 13:09:05 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id 08RKCCGM007965 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 27 Sep 2020 13:12:12 -0700
To: Keith Moore <>,
References: <20200927052221.E0A1A21D3A2D@ary.qy> <> <> <> <> <524505CF8F2AED906ABA4810@PSB> <> <> <>
From: Dave Crocker <>
Organization: Brandenburg InternetWorking
Message-ID: <>
Date: Sun, 27 Sep 2020 13:08:59 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------2227C0D69F40A010A0E8A42F"
Content-Language: en-US
Archived-At: <>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 27 Sep 2020 20:09:07 -0000

On 9/27/2020 12:53 PM, Keith Moore wrote:
>> and spammers have made it impossible to give senders the benefit of 
>> the doubt. Given the prevalence and maliciousness of spam, much of 
>> which comes from compromised hosts whose nominal owners have no clue, 
>> if it doesn't look squeaky clean, it's probably malware. 
> Every time I see a statement like that that doesn't even consider the 
> false positive rate, my bogometer pegs.   It's like the elephant in 
> the room that nobody wants to talk about.

1. Since it wasn't trying to provide a comprehensive statement about all 
of the factors that go into the balancing act of real-world email 
filtering, your criticism for what it doesn't cover is claiming a 
failure to cover something that wasn't in scope.

2. You appear to be implying that folk running email services don't 
worry about false positives.  But I'll be that you know they must.

3. In fact in rooms where folk who do actual anti-abuse operations talk, 
they do talk about false positives.  (duh).

4. This ain't one of those rooms, since few of those folk are hear and 
that isn't the topic for this room.


Dave Crocker
Brandenburg InternetWorking