Hi Jared, Jared Johnson wrote: > We've been considering blocking messages that break RFC compliance by > including a space before or after the colon in MAIL FROM: and RCPT TO: > commands. From RFC 5321 Section 3.3: > > Since it has been a common source of errors, it is worth noting that > spaces are not permitted on either side of the colon following FROM > in the MAIL command or TO in the RCPT command. The syntax is exactly > as given above. > > I wrote up the following statistics in an attempt to see just what would > happen if we started enforcing this syntax. As it turns out, we would > be able to skip a whole lot of RBL, SPF, and address lookups as well as > content scans, and also be able to block a number of spams that would > have otherwise gotten through our filter... but we would also block > *some* legit mail. Most of the mail that would have been blocked was > sent by email marketers, though, and wouldn't have necessarily been > missed by our customers; and if the senders knew what they were doing, > they could always do something about it. > > Anyway, I thought I'd post it here and see if anyone has any opinions on > whether it's acceptable to enforce this. It's certainly very tempting. >
The software written by my company can reject based upon this; however we don't recommend outright rejections based upon this - instead we add a header for SpamAssassin and score it instead. Several reasons; there are a number of companies as you have found (that should know better) that breach this - when doing my own testing I found that "SurfControl E-Mail filter" was another. Expecting these companies to give a damn (I did mail them the issue to their support@) is unlikely unless a real heavyweight receiver starts to enforce this. One thing you should also note; if you allow outbound relay for MUA clients - you must exclude them from these checks; just about every version of Outlook Express that I tested adds extra spaces. My 2c. Kind regards, Steve. -- Steve Freegard Fort Systems Ltd.
