Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Keith Moore <> Sun, 27 September 2020 15:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 85AD73A044A for <>; Sun, 27 Sep 2020 08:43:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.213, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id um9SemVzJc-T for <>; Sun, 27 Sep 2020 08:43:13 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E16DB3A041C for <>; Sun, 27 Sep 2020 08:43:13 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal []) by mailout.west.internal (Postfix) with ESMTP id 422E0C75; Sun, 27 Sep 2020 11:43:13 -0400 (EDT)
Received: from mailfrontend1 ([]) by compute4.internal (MEProxy); Sun, 27 Sep 2020 11:43:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=Zrf3BTdgInPK60si4yV8R99CTnHk5nAbG3KH5tvVR hE=; b=Nhhdxds7vn82xUAtZGI9t4jXWx+VS2cDvlz5FSc1p6kTou9s6slVZDqGq Fu6dQDBEShZ+eBauvg1TLX3Y63lCDT3vw1JqiFvln7T2goCr+dFfb2Dyxy5eZzFd oqSbOUN4bpeK12ADGp3tqaZJtErn7k8Zb7Y6C0XgheXy7nUHRrtvSOr8aV11RLAg BD+eNUn+GBrA0eEns5+mg4OxK2Tc2quRiWj0yjWfR6ux5ZGDDVg/LdwtcYRwnoAM OhJmMA8InyBDbzZMkYuqaAAwhlkr1jtbHAnMEIr8dgjdngZRP++P2Cpe5DGFWZQM jtB7VFdymV5wNQQapv4Oubj7vDB+A==
X-ME-Sender: <xms:D7NwX2DfYlnlKiMGHfVcby9p1GmKYRDk5og899UavSPjToYeJucuoA> <xme:D7NwXwh4P1gZsrGuDRCIxn1H4eUcCVtUqMOG1gvgMoKZawAXTqaa2HtPBkxEll16b oLrsLnrEfp0eA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrvdeggdelgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefuvfhfhffkffgfgggjtgfgsehtkeertddtfeejnecuhfhrohhmpefmvghithhh ucfoohhorhgvuceomhhoohhrvgesnhgvthifohhrkhdqhhgvrhgvthhitghsrdgtohhmqe enucggtffrrghtthgvrhhnpeehhfeutdehfefgfefghfekhefguefgieduueegjeekfeel leeuieffteefueduueenucfkphepuddtkedrvddvuddrudektddrudehnecuvehluhhsth gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhoohhrvgesnhgvthif ohhrkhdqhhgvrhgvthhitghsrdgtohhm
X-ME-Proxy: <xmx:D7NwX5mjnSeO2CuDsqn0BxjEaSJFPxuywFI6qZnbvk8mDgJoG_CREQ> <xmx:D7NwX0yKCUOxg9PU_ddIvUIOsmGB75S9lyBlddLrJZkkywhOE-mbCQ> <xmx:D7NwX7Tuo7839kZpNzWxqmdDowS0uDYuiDrzBq22SitY9KE8wIArmA> <xmx:ELNwXyfWq2NcmThQwoakii5PgHxaV5l47T24XPeTjUPqzXNsmcUp9A>
Received: from [] ( []) by (Postfix) with ESMTPA id AFE423280060; Sun, 27 Sep 2020 11:43:11 -0400 (EDT)
To: John R Levine <>,
References: <20200927052221.E0A1A21D3A2D@ary.qy> <> <> <> <>
From: Keith Moore <>
Message-ID: <>
Date: Sun, 27 Sep 2020 11:43:10 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 27 Sep 2020 15:43:16 -0000

On 9/27/20 11:40 AM, John R Levine wrote:

>> I would say instead that because some subset of inbound MTAs do EHLO 
>> verification, "real mail servers" (i.e. those which manage to 
>> continue to deliver mail with some reliability) are forced to have 
>> static IPv4 source addresses for which PTR lookup results match EHLO 
>> arguments.
> No, we've observed in practice that hosts that don't have matching 
> PTRs are spambots.

I don't believe that anyone takes enough time to look at a sufficient 
volume of email, often enough, to be sure of that. And again, it's a 
self-fulfilling belief.

>>> Anything that comes from a dynamic or NAT pool is invariably spam 
>>> from a botnet.
>> No, because nobody is looking that closely.
> Sorry, but you're just wrong.  We absolutely look that closely.  I 
> know people who maintain pools of patterns to recognize dynamic pool 
> rDNS which lots of people use in their spam scoring.

I didn't say it wasn't used, I said it wasn't reliably measured.

> It would be nice if mail still worked the way it did 30 years ago, but 
> that was most definitely then, and this is now.
And poorly chosen spam filters are a big reason for the degradation of 
email reliability during that time.