Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Keith Moore <moore@network-heretics.com> Sun, 27 September 2020 15:43 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85AD73A044A for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 08:43:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.213, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id um9SemVzJc-T for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 08:43:13 -0700 (PDT)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E16DB3A041C for <ietf-smtp@ietf.org>; Sun, 27 Sep 2020 08:43:13 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 422E0C75; Sun, 27 Sep 2020 11:43:13 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Sun, 27 Sep 2020 11:43:13 -0400
Received: from [192.168.1.85] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id AFE423280060; Sun, 27 Sep 2020 11:43:11 -0400 (EDT)
To: John R Levine <johnl@taugh.com>, ietf-smtp@ietf.org
References: <20200927052221.E0A1A21D3A2D@ary.qy> <198daf90-b3dd-de01-88a0-e9d961feddda@network-heretics.com> <9ad77523-9c98-2249-d01c-80ecc6a96fa@taugh.com> <5e0239fb-9511-c8ae-e4a4-62b9caa2c861@network-heretics.com> <46d012a7-f938-741b-95dc-23d37a26cb39@taugh.com>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <0dfb3265-e918-8d90-7dd2-1fcdf2b643fa@network-heretics.com>
Date: Sun, 27 Sep 2020 11:43:10 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <46d012a7-f938-741b-95dc-23d37a26cb39@taugh.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/qT3XkbHgo5HdBXVJWVcFraoSn3o>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Sep 2020 15:43:16 -0000

On 9/27/20 11:40 AM, John R Levine wrote:

>> I would say instead that because some subset of inbound MTAs do EHLO 
>> verification, "real mail servers" (i.e. those which manage to 
>> continue to deliver mail with some reliability) are forced to have 
>> static IPv4 source addresses for which PTR lookup results match EHLO 
>> arguments.
>
> No, we've observed in practice that hosts that don't have matching 
> PTRs are spambots.

I don't believe that anyone takes enough time to look at a sufficient 
volume of email, often enough, to be sure of that. And again, it's a 
self-fulfilling belief.

>
>>> Anything that comes from a dynamic or NAT pool is invariably spam 
>>> from a botnet.
>>
>> No, because nobody is looking that closely.
>
> Sorry, but you're just wrong.  We absolutely look that closely.  I 
> know people who maintain pools of patterns to recognize dynamic pool 
> rDNS which lots of people use in their spam scoring.

I didn't say it wasn't used, I said it wasn't reliably measured.

>
> It would be nice if mail still worked the way it did 30 years ago, but 
> that was most definitely then, and this is now.
>
And poorly chosen spam filters are a big reason for the degradation of 
email reliability during that time.

Keith
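
An added example, not part of the original message or of any poster's software: the two checks this thread argues about, forward-confirmed PTR matching of the EHLO argument and pattern-based recognition of dynamic-pool rDNS, run over constructed resolver data. The addresses, host names, hint patterns and function names are assumptions chosen for illustration; a real MTA would query DNS instead of the two tables.

```python
import re

# Constructed resolver data (documentation address ranges, example domains).
PTR = {
    "192.0.2.25": ["mail.example.org"],
    "198.51.100.77": ["198-51-100-77.dsl.dynamic.example.net"],
    "203.0.113.9": [],  # no PTR record at all
}
A = {
    "mail.example.org": ["192.0.2.25"],
    "198-51-100-77.dsl.dynamic.example.net": ["198.51.100.77"],
    "mx.example.com": ["203.0.113.200"],
}

# Hypothetical hint words; real pattern pools are far larger and curated.
DYNAMIC_HINTS = re.compile(r"(^|[.-])(dyn|dynamic|dsl|dhcp|pool|ppp|cable)([.-]|$)")


def looks_dynamic(ip, name):
    """Heuristic: hint word in the name, or all four octets in the host label."""
    if DYNAMIC_HINTS.search(name):
        return True
    label_numbers = {int(n) for n in re.findall(r"\d+", name.split(".")[0])}
    return {int(o) for o in ip.split(".")} <= label_numbers


def check_client(ip, ehlo, ptr=PTR, a=A):
    """Return the independent signals a receiver could feed into scoring."""
    names = [n.lower().rstrip(".") for n in ptr.get(ip, [])]
    # Forward-confirmed: the PTR name must resolve back to the connecting IP.
    confirmed = [n for n in names if ip in a.get(n, [])]
    return {
        "has_ptr": bool(names),
        "fcrdns": bool(confirmed),
        "ehlo_matches_ptr": ehlo.lower().rstrip(".") in confirmed,
        "dynamic_looking": any(looks_dynamic(ip, n) for n in names),
    }


if __name__ == "__main__":
    for ip, ehlo in [("192.0.2.25", "mail.example.org"),
                     ("198.51.100.77", "mx.example.com"),
                     ("198.51.100.77", "198-51-100-77.dsl.dynamic.example.net"),
                     ("203.0.113.9", "mx.example.com")]:
        print(ip, ehlo, check_client(ip, ehlo))
```

The third sample shows that the signals are independent: a client on a dynamic-looking address can still present an EHLO argument that matches its forward-confirmed PTR.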