+1 to remove that clause from the RFC. When a mail arrives without mid, either the sender did not use a real SMTP server or tried to hide it. We have a custom SA rule for it. We also reject upfront any mid with a syntax error, or whose domain does not have a rdns (eg. @localhost.localdomain or @test.com). Sent from ProtonMail Mobile
On Tue, Jul 25, 2017 at 5:20 PM, John Hardin <jhar...@impsec.org> wrote: > On Tue, 25 Jul 2017, Rupert Gallagher wrote: > Before bothering with body > spam, make sure the header is clear. The > specific email should have been > rejected upfront, because the foreign > sender's message-id pretends to > originate from the recipient's smtp > server. That's potentially valid. If a > MTA receives a message that has no message ID it is valid to add one from the > MTA's domain. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: > 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > ----------------------------------------------------------------------- I > would buy a Mac today if I was not working at Microsoft. -- James Allchin, > Microsoft VP of Platforms > ----------------------------------------------------------------------- 10 > days until the 282nd anniversary of John Peter Zenger's acquittal