Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Richard Clayton <richard@highwayman.com> Sun, 04 October 2020 19:47 UTC

To: Keith Moore <moore@network-heretics.com>
Cc: ietf-smtp@ietf.org
From: Richard Clayton <richard@highwayman.com>
References: <20200928221602.046CE22A35B3@ary.qy> <ADA8052C-2B7D-4C50-8FFF-A3D88EC3BA58@isc.org> <ab8886ec-79b1-a89c-da38-dfe5a6e681@taugh.com> <a692482a-7777-5743-0820-894dbe7314b0@network-heretics.com> <1c1856a5-ae46-48a0-84cd-66eafb543fa9@gulbrandsen.priv.no> <KWmRTmBNvgefFAnC@highwayman.com> <945d2baf-c5a9-fb9e-4563-93dff1824102@network-heretics.com>
In-Reply-To: <945d2baf-c5a9-fb9e-4563-93dff1824102@network-heretics.com>


In message <945d2baf-c5a9-fb9e-4563-93dff1824102@network-heretics.com>,
Keith Moore <moore@network-heretics.com> writes

>Thanks for providing a list, though I wonder if this is the same as the 
>list that John referred to.
>
>I do suspect that the list could use some updating.   For example:
>
>On 10/4/20 1:52 PM, Richard Clayton wrote:
>> For the next few years however:
>>
>> *  Use a static IPv4 address for your email system
>
>IMO this should change to support the reality that IPv4 addresses are 
>getting scarcer by the day, especially in some parts of the world.  

you may wish it to change (and I am sure it will in time) ... but a
consensus view (albeit from 2013, but I would expect it was much the
same in 2020) is that you will have much more success delivering email
from a static IPv4 address than from an IPv6 address

>(Especially given the inertia that likely exists with such rules, 
>changing the rules now may be necessary to ensure smooth operation in a 
>year or two)

the inertia is I suspect merely in the people whose views go to the
consensus as to what is "a wise way to set up your email"... it may be
that they miss changes, but I doubt that you will do considerably worse
by using IPv4 for some time to come

>> *  Make sure that your IP address is not listed in the PBL
>
>I suspect that this is something that sites will have less and less 
>control over in the future, at least in IPv4 space, especially given the 
>"marketplace" in IPv4 prefixes and the need to have different sites' 
>addresses in different IPv4 subnets (also has to do with limitations of 
>DNS in-addr.arpa delegation).

I think you may misunderstand the nature of the PBL ... this is
basically telling you that if you are using IPv4 addresses handed out by
a consumer ISP then you are going to have to ensure that they don't
settle for a quiet life for their abuse@ team by listing all their
assets

>> *  Your system should say HELO (or EHLO) with its hostname
>
>Could use better definition of "its hostname".   Suspect you mean EHLO 
>name should match PTR lookup of client's source IP address.

the document I'm quoting from has a paragraph or so of explanatory text
accompanying each of the bullet points -- so although those bullet
points should resonate with everyone here, to make really good use of
the advice you would need the whole thing

>IMO that might be a bit limiting - I would really like to see 

you miss the point -- the list is what you should do for success today.
It is not a manifesto for how the world should be

that said, of course there is value in identifying where success is hard
to achieve and so we should be promoting initiatives to address that

>> *  Accept reports of problems with your systems
>Is there a more recent standard for doing so than postmaster@?

if you are not reading abuse@ and security@ as well (and paying
attention to email coming in to pretty much any email address in whois
data (for IP or domains)) then more fool you

-- 
richard                                                  Richard Clayton

Those who would give up essential Liberty, to purchase a        Benjamin
little temporary Safety, deserve neither Liberty nor Safety.    Franklin

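The "EHLO name should match the PTR of the client's source IP" point raised above, written out as an added example (my code, not from the thread or from RFC 5321): an operator-side audit of an EHLO name for syntax, PTR agreement and forward confirmation. The resolver callables and the sample zone data are assumptions so the check runs offline.

```python
"""Audit an SMTP client's EHLO name: FQDN syntax, PTR agreement with the
connecting IP, and forward confirmation (name resolves back to the IP)."""
import ipaddress
import re
from typing import Callable, Dict, Iterable

# Resolver callables are injected so the check runs offline (assumption of this example).
PtrLookup = Callable[[str], Iterable[str]]    # ip   -> PTR names
AddrLookup = Callable[[str], Iterable[str]]   # name -> A/AAAA addresses

LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def _norm_name(name: str) -> str:
    return name.strip().rstrip(".").lower()


def _norm_ip(ip: str) -> str:
    # Accept bare or bracketed literals and canonicalise (e.g. compress IPv6).
    return str(ipaddress.ip_address(ip.strip("[]")))


def is_fqdn(name: str) -> bool:
    """RFC 5321 expects a fully-qualified domain: at least two valid labels."""
    labels = _norm_name(name).split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels)


def check_ehlo(ehlo: str, client_ip: str, ptr: PtrLookup, addrs: AddrLookup) -> Dict[str, bool]:
    name, ip = _norm_name(ehlo), _norm_ip(client_ip)
    rep = {"syntax": is_fqdn(name), "ptr_match": False, "forward_match": False}
    if rep["syntax"]:
        # The PTR of the connecting address should name the host the client claims to be ...
        rep["ptr_match"] = name in {_norm_name(p) for p in ptr(ip)}
        # ... and that name should resolve back to the connecting address.
        rep["forward_match"] = ip in {_norm_ip(a) for a in addrs(name)}
    rep["ok"] = all(rep.values())
    return rep


# Constructed sample zone data (documentation ranges, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.org."], "192.0.2.20": ["dyn-20.isp.example.net."],
              "2001:db8::25": ["mx.example.org."]}
SAMPLE_ADDR = {"mail.example.org": ["192.0.2.10"], "mx.example.org": ["2001:DB8::25"],
               "dyn-20.isp.example.net": ["192.0.2.20"]}


def sample_ptr(ip: str) -> Iterable[str]:
    return SAMPLE_PTR.get(ip, [])


def sample_addr(name: str) -> Iterable[str]:
    return SAMPLE_ADDR.get(name, [])


if __name__ == "__main__":
    for ehlo, ip in [("MAIL.example.org.", "192.0.2.10"), ("mail.example.org", "192.0.2.20"),
                     ("mx.example.org", "[2001:db8:0:0:0:0:0:25]"), ("localhost", "192.0.2.10")]:
        print(ehlo, ip, check_ehlo(ehlo, ip, sample_ptr, sample_addr))
```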