Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Keith Moore <> Mon, 28 September 2020 02:00 UTC

On 9/27/20 9:51 PM, Sam Varshavchik wrote:

> Keith Moore writes:
>> I thought it was about advice to the server which is currently that 
>> the server MUST NOT refuse to accept a message based on failure of 
>> EHLO argument verification.
>> My argument is that EHLO verification is, in the long run, poor 
>> practice and should not be encouraged by 5321bis even if it seems 
>> like an effective spam
> To me, "SHOULD NOT" is a better match for "should not be encouraged". 
> The current phrasing, "MUST NOT", prohibits it.

I might agree with that, though I would also like to see some 
elaboration as to why it's a Bad Idea in the long run, rather than just 

(I have a little bit of trouble with the current 5321 language, because
it conflicts with the notion that an SMTP server can reject mail for any
reason. At best the juxtaposition of these two seems conflicting and
confusing even though I think that EHLO verification is overall a
shortsighted idea that should be discouraged.)

> Whether or not EHLO domain validation is prohibited or not, it is used 
> in practice right now, and the current language in 5321 is being 
> ignored, to some degree. The same language also existed in 2821, so 
> this has been ignored for a while. An Internet standard that does not 
> reflect current practice is not as valuable as one which is.

I actually disagree. The purpose of a protocol specification standard
should not be to reflect current practice; it should be to specify
desirable practice. And it's important to not confuse the two goals.

However I will admit that if the standard specifies a practice that 
doesn't interoperate well with current practice, it can harm the 
effectiveness of the standard.