Re: [dmarc-ietf] ... and two more tiny nits, while I'm at it

Wed, 21 Jan 2015 13:19:17 -0800 

On 1/20/2015 5:54 PM, Anne Bennett wrote:


Franck Martin <fra...@peachymango.org> writes:


Yes, RFC7208 says evaluate both in parallel, but the result
of an spf=pass/fail is highly constrained on the success or
failure of the MAIL FROM spf test.


Actually, it recommends checking the HELO identity first,
because if you get a definite result from that, you may not
have to evaluate the MAIL FROM identity at all.



However, in practice, optimized receivers will wait for a valid local 
RCPT TO (Forward-path) address before exerting any potentially, high 
overhead, wasteful DNS application queries.



For remote RCPT TO address, this generally requires 
authentication/authorization to relay mail. Under the SUBMIT protocol, 
HELO/EHLO can be enforced.  Our package does not enforce it (it was 
relaxed) for PORT 587 operations because AUTH is required anyway and 
in the SOHO market, with NATs around, it was not always possible to 
put a proper machine client host name for the EHLO/HELO field or the 
Domain IP Literal was incorrect (did not match the connection ip).



But for public port 25 operations, there is a high payoff to wait.  We 
realized a 60% savings in DNS lookups because 60% of the RCPT TO were 
invalid!  SMTP RFC5321 even provides insight into using delay strategies:


   SMTP Section 3.3 Mail Transactions

   .....

   Despite the apparent scope of this requirement, there are
   circumstances in which the acceptability of the reverse-path may
   not be determined until one or more forward-paths (in RCPT
   commands) can be examined.  In those cases, the server MAY
   reasonably accept the reverse-path (with a 250 reply) and then
   report problems after the forward-paths are received and
   examined.  Normally, failures produce 550 or 553 replies.



Overall, all specs are just guidelines. You don't have to follow them 
exactly where it doesn't make sense.  A RECOMMEND is functionally 
equivalent to a SHOULD, it is not a MUST.



As long as the end result is the same, we should be generally ok so we 
are basically talking about optimization concepts.


--
HLS


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

























					Reply via email to