Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

John R Levine <johnl@taugh.com> Sun, 27 September 2020 15:40 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76A483A0FCC for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 08:40:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=Uc5pIEL9; dkim=pass (2048-bit key) header.d=taugh.com header.b=Z93EShRx
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OiCCeyOqQHUz for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 08:40:31 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2A083A041C for <ietf-smtp@ietf.org>; Sun, 27 Sep 2020 08:40:30 -0700 (PDT)
Received: (qmail 81333 invoked from network); 27 Sep 2020 15:40:27 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type; s=13db3.5f70b26b.k2009; i=johnl-iecc.com@submit.iecc.com; bh=M74X4YZK2OLG7xA5RaqFCJGHXNtWxUfE+uCOivmoayY=; b=Uc5pIEL9jS5QSF3jJWCjzLvShnf4XdyUUkaWZtkXoQ2hZ6wLc7UkVDiE0xDI/QlarSUziv5qpPsxswXF/AM1J8GdpKf0VoaYIrN7gUKckE2RtrpI4IujP9wXNoONFXQcaGxzU/bOaPEoqcbtXbuRZat2HQYMW0McFF8bgHFIX/R9NZxbCCk+HMRYftPD3tuK1KHwLgY8rz3/Ysu2PP4LuyDVBjLJdq/yrVgIXkcZ/HjJnlhbs2goQ7Y6sP9qKsSju572bCk+gD3JhHJBuzOJcmtNPR0EHqrYGD+X1z4Vr05MNnME+0VXhhwW8ZqyKrnGXUgBtlTERiLkq8Hi+G/lHg==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type; s=13db3.5f70b26b.k2009; olt=johnl-iecc.com@submit.iecc.com; bh=M74X4YZK2OLG7xA5RaqFCJGHXNtWxUfE+uCOivmoayY=; b=Z93EShRx1ukJlBg7mal0X29UQRERxTB2IMKLd8yPNpIDbk65ZNxY+Tl9tpbhCEsfF1p6iyopLVIk1Mxd5WYY6cPnqO9DQUVt3l/Lmq2816sg5pu/On7HQmmlneEn+1l4F2Pryqh3Q+1OwaPx4ef8SDKiqLP2gBygej9fiD58Z4VZeV2nTb5Ys18jOeaB8Btk/TOHvUR0oLtEMl+W+tA86kHgUhakRi0C9FB0dvrs8BL14Bj/PpAmOJqLDgbXpJM4JFZOPDN2HAdpF/X6HCVMwVpAFqUC/SIFk5i3LdXvlXkABltLwfuyITbHnZRdqs2nQimswRThiXFbfRQzhIVkTw==
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 27 Sep 2020 15:40:27 -0000
Date: 27 Sep 2020 11:40:27 -0400
Message-ID: <46d012a7-f938-741b-95dc-23d37a26cb39@taugh.com>
From: "John R Levine" <johnl@taugh.com>
To: "Keith Moore" <moore@network-heretics.com>, ietf-smtp@ietf.org
In-Reply-To: <5e0239fb-9511-c8ae-e4a4-62b9caa2c861@network-heretics.com>
References: <20200927052221.E0A1A21D3A2D@ary.qy> <198daf90-b3dd-de01-88a0-e9d961feddda@network-heretics.com> <9ad77523-9c98-2249-d01c-80ecc6a96fa@taugh.com> <5e0239fb-9511-c8ae-e4a4-62b9caa2c861@network-heretics.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/htWKZlBW3tNl77O1nCTnRa9Lar8>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Sep 2020 15:40:32 -0000

> I would say instead that because some subset of inbound MTAs do EHLO 
> verification, "real mail servers" (i.e. those which manage to continue to 
> deliver mail with some reliability) are forced to have static IPv4 source 
> addresses for which PTR lookup results match EHLO arguments.

No, we've observed in practice that hosts that don't have matching PTRs 
are spambots.

>> Anything that comes from a dynamic or NAT pool is invariably spam from a 
>> botnet.
>
> No, because nobody is looking that closely.

Sorry, but you're just wrong.  We absolutely look that closely.  I know 
people who maintain pools of patterns to recognize dynamic pool rDNS which 
lots of people use in their spam scoring.

It would be nice if mail still worked the way it did 30 years ago, but 
that was most definitely then, and this is now.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly