Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Dave Crocker <dhc@dcrocker.net> Sun, 27 September 2020 16:29 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E3A53A102F for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 09:29:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.113
X-Spam-Level:
X-Spam-Status: No, score=-2.113 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.213, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q1iZg-D4vmgt for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 09:29:31 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7415F3A102E for <ietf-smtp@ietf.org>; Sun, 27 Sep 2020 09:29:31 -0700 (PDT)
Received: from [192.168.0.109] (c-24-130-62-181.hsd1.ca.comcast.net [24.130.62.181]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id 08RGWa2r018477 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 27 Sep 2020 09:32:37 -0700
To: Keith Moore <moore@network-heretics.com>
References: <20200927052221.E0A1A21D3A2D@ary.qy> <198daf90-b3dd-de01-88a0-e9d961feddda@network-heretics.com> <9ad77523-9c98-2249-d01c-80ecc6a96fa@taugh.com> <5e0239fb-9511-c8ae-e4a4-62b9caa2c861@network-heretics.com>
From: Dave Crocker <dhc@dcrocker.net>
Cc: ietf-smtp@ietf.org
Reply-To: dcrocker@bbiw.net
Organization: Brandenburg InternetWorking
Message-ID: <9ac2395f-bfe0-0c8b-00e1-b7c3db8298b9@dcrocker.net>
Date: Sun, 27 Sep 2020 09:29:24 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <5e0239fb-9511-c8ae-e4a4-62b9caa2c861@network-heretics.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/rztF78S6xITBDHb2E6rRmNY-EMA>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Sep 2020 16:29:33 -0000

On 9/27/2020 8:33 AM, Keith Moore wrote:
>
> On 9/27/20 11:04 AM, John R Levine wrote:
>
> Anything that comes from a dynamic or NAT pool is invariably spam from 
> a botnet.
>
> No, because nobody is looking that closely.   It's basically just 
> prejudice that assumes that "legitimate" senders have static IP 
> addresses, delegation of the corresponding zone in in-addr.arpa, and 
> the knowledge to populate the PTR records.
>

John L. has been correctly summarizing what members of M3AAWG have been 
quite consistent about, for many years.  It is part of the reason that 
running a legitimate mail server on the open Internet, these days, 
requires a significant amount of knowledge about the rather elaborate 
set of expected configuration and procedure.

Properly registering the domain name and the IP address, forward and 
backwards, has been one of the more basic and practical requirements for 
at least 10 years, that I know of, but probably a lot longer.

As for 'prejudice', I encourage folk to spend some time around the 
anti-abuse industry and learn more about how it operates, since it takes 
a 95% spam level for incoming mail and brings in down to a tiny percent.


d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net