Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

Ned Freed <ned.freed@mrochek.com> Sun, 27 September 2020 17:56 UTC

Return-Path: <ned.freed@mrochek.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7FDB3A0BD7 for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 10:56:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fniVGMQDB_vS for <ietf-smtp@ietfa.amsl.com>; Sun, 27 Sep 2020 10:56:28 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [98.153.82.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AA133A0B85 for <ietf-smtp@ietf.org>; Sun, 27 Sep 2020 10:56:28 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RQ4X4W1H4000ACKI@mauve.mrochek.com> for ietf-smtp@ietf.org; Sun, 27 Sep 2020 10:51:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712; t=1601229084; bh=oAJTi7wDFgZzMScUTVvpmy2b+quwLA2OtDPvb7W/8Dk=; h=Cc:Date:From:Subject:In-reply-to:References:To:From; b=FIcZzUuZUd1750Sax1nAeyt9xHlad5bEY6twccP45Zgq6jO8o5kQvWJQU7AXq+x7C boo+deiQ2BlI8jscSulGClTFrJ8eMMwns6gnolCWDLHGK2OzAfvKuuHtJghncjRnob ZCgDlS2RE0j8M9WQMqPiFvcWEnBsmEu6z9TJmSEE=
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: TEXT/PLAIN; CHARSET=us-ascii
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RQ0J6W8U3K005PTU@mauve.mrochek.com>; Sun, 27 Sep 2020 10:51:21 -0700 (PDT)
Cc: John R Levine <johnl@taugh.com>, Keith Moore <moore@network-heretics.com>, ietf-smtp@ietf.org
Message-id: <01RQ4X4TLND6005PTU@mauve.mrochek.com>
Date: Sun, 27 Sep 2020 10:01:00 -0700 (PDT)
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Sun, 27 Sep 2020 12:36:38 -0400" <524505CF8F2AED906ABA4810@PSB>
References: <20200927052221.E0A1A21D3A2D@ary.qy> <198daf90-b3dd-de01-88a0-e9d961feddda@network-heretics.com> <9ad77523-9c98-2249-d01c-80ecc6a96fa@taugh.com> <5e0239fb-9511-c8ae-e4a4-62b9caa2c861@network-heretics.com> <46d012a7-f938-741b-95dc-23d37a26cb39@taugh.com> <524505CF8F2AED906ABA4810@PSB>
To: John C Klensin <john@jck.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/yUfwhpd1Rl523Go2MQ4sMjgOYGI>
Subject: Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Sep 2020 17:56:30 -0000

> John,

> (as with Keith earlier comment, this is not intended to be a
> rant, but might come out sounding that way)

A pretty even-handed description of the situation IMO.

> This is a self-fulfilling prophecy which gets back to Keith's
> comment about resources.  In order to run an SMTP client or
> server with any of the three ISPs I've dealt with recently, and
> do so without violating the contracts they impose, I first have
> to obtain a business account which is not much different from a
> residential account other than costing three or four times as
> much.

Around here the service isn't much more expensive, but getting it at
a residental location is difficult at best, impossible at worst.

Of course there's always the option of deplying in someone's cloud, but that
has issues of its own. For one thing, you're far more likely to get nailed by a
noisy neighbor in the cloud. (One of my neighbors is having exactly this issue
right now.)

> Because the anti-spam powers that be don't think I should
> be running either an SMTP server or a client on dynamic
> addresses (even if I have dynamic DNS set up properly and
> appropriate MX arrangements), I have to then obtain one or more
> static addresses from said ISP and the costs of those are not
> going down [1].

Add to that the number of providers who actually offer static IPs is
dropping, and the geographies where the remaining ones are
able to provide the service are also decreasing.

> And, since the idea of delegating
> reverse-mapping ranges on bit boundaries failed, once one has
> those static addresses, one than has to convince the ISP to
> provide the correct reverse mapping.  That, too, has costs -
> either in terms of money or in efforts to negotiate.  There may
> be ISPs out there who, upon supplying a static address  or
> address range inquire how one would like the reverse mapping
> records to read, or even insist on getting that information, but
> I haven't encountered one yet.

Around here we have:

(1) HugeISP - I managed to get them to set my reverse names when my service
    was installed. As for updates, their elaborate web site, where
    my name appears as "null CUSTOMER", is so difficult to navigate it's
    impossible to be sure, but there doesn't seem to be a way to do it.
    But there is good news: They do let you give your modem a nickname.
    (I chose "Joe Egg".) So I guess a service ticket is necessary. Past
    experience with those has been mixed.

(2) MediumISP - Back when I used their service they had a really convenient
    web page that let you set them. 24 hour max turnaround. Sweet. The bad news
    is they are one of the ISPs who no longer offer static IPs in this
    area. 
    
(3) TinyISP - You call "the guy" and he takes care of it when he has a
    moment. Usually takes a day or two.

(4) FiberISP - Send mail to hostmaster@fiberisp.net saying what you want
    changed. They stopped their buildout two blocks down the road because
    of a lawsuit, so no direct experience, but reportedly the possible
    responses include (a) Done and dusted, (b) You need to pay $$$ for that,
    and (c) Huh?

> So, if the goal, however unintentionally, is to further reduce
> the number of independent (and legitimate) SMTP clients and
> servers, and force those without extensive resources to shift
> over to large and dominant email providers, perhaps we are on
> track.

The other thing that's worth noting is the frequency of forced IP address
changes. I've had this happen four times in the past 20 years, and each time
getting the PTRs set up has been the worst part of the process. And yes, it has
resulted in lost mail, so please don't try and tell me these checks never
impact legitimate senders.

> > It would be nice if mail still worked the way it did 30 years
> > ago, but that was most definitely then, and this is now.

> And, from the standpoint of those large providers, the fight
> against spam and other sorts of evil behavior would be ever so
> much easier if they had only a handful of other providers to
> work with s.t. anything not coming from one of them was suspect.
> Of course, the way DMARC was developed and deployed might be
> believed to reflect exactly that attitude.

Such a cynic ;-)

>     john

				Ned