At 14:15 2/2/2004, Liron Newman wrote:
>I think that this indeed should be integrated into the MTA.. The server
>should check and see if the domain exists and if it does, if the sender
>exists..
>
>RFC 2505 thinks like me..
>
>2.9. Verify "MAIL From:"
>
>    The MTA SHOULD be able to perform a simple "sanity check" of the
>    "MAIL From:" domain and refuse to receive mail if that domain is
>    nonexistent (i.e. does not resolve to having an MX or an A record).
>    If the DNS error is temporary, TempFail, the MTA MUST return a 4xx
>    Return Code (Temporary Error). If the DNS error is an Authoritative
>    NXdomain (host/domain unknown) the MTA SHOULD still return a 4xx
>    Return Code (since this may just be primary and secondary DNS not
>    being in sync) but it MAY allow for an 5xx Return Code (as configured
>    by the sysadmin).
>
>Personally, I'd like to be able to tell the server to reject (at SMTP
>level) all messages from non-existent domains, and I don't know about
>rejecting messages from addresses that don't exist...
I agree that checking MX and/or A for RHS MAIL FROM is a good idea. (I 
actually restricted that to MX checks, since a domain intended to receive 
mail *should* have an MX - so I don't fall back to an A check on a MAIL 
FROM RHS check.)

However, unless you're using one of the DNS-based sender verification 
protocols (such as SPF), I think verifying the sender (LHS) is going to be 
rather a problem. Most of the mail servers these days have VRFY and EXPN 
turned off (to prevent probing by spammers for valid addresses).

So, how would you verify this then? By making a connection back to that 
mail server and walking through a session until RCPT TO? This doesn't 
accomplish much, except to get server operators mad at you for wasting 
their resources, because many servers are set (like mine) to accept any 
address - addresses which are not valid are held in a special mailbox and 
sorted through for legitimate but misspelled addresses, and the rest is 
treated as spam to feed the block list.

Plus (and this is becoming more prevalent) some mail servers are adding 
people who do this sort of sender verification to their local blocking lists.

Something to consider. 
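
Added example, not part of the original message or of XMail's code: the RFC 2505 section 2.9 decision quoted above, with the MX-only variant from the reply as a switch. The `lookup` hook, the sample zone, the null-sender handling and the specific reply codes (450, 451, 550, 553) are assumptions made for illustration.

```python
from enum import Enum

class Dns(Enum):
    FOUND = 1      # at least one record of the requested type
    NODATA = 2     # name exists, but no record of that type
    NXDOMAIN = 3   # authoritative "no such domain"
    TEMPFAIL = 4   # timeout or SERVFAIL

def check_mail_from(addr, lookup, mx_only=False, nonexistent_code=450):
    """Map the MAIL FROM domain's DNS status to (smtp_code, reason).

    lookup(domain, rtype) -> Dns is a hypothetical resolver hook.
    mx_only=True skips the A fallback, as the reply describes.
    nonexistent_code is the sysadmin's choice: 4xx by default, 5xx allowed.
    """
    if addr == "":  # null reverse-path "<>" used by bounces: no domain to check
        return 250, "null sender"
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        return 553, "malformed sender address"
    domain = domain.rstrip(".").lower()
    for rtype in (("MX",) if mx_only else ("MX", "A")):
        status = lookup(domain, rtype)
        if status is Dns.FOUND:
            return 250, f"{rtype} record found"
        if status is Dns.TEMPFAIL:  # RFC 2505: temporary DNS error MUST be 4xx
            return 451, "temporary DNS failure, try again later"
        if status is Dns.NXDOMAIN:  # whole name is absent, no point asking for A
            break
    return nonexistent_code, "sender domain has no usable DNS record"

# Constructed sample data standing in for a real resolver.
SAMPLE_ZONE = {
    ("example.com", "MX"): Dns.FOUND,
    ("a-only.example", "MX"): Dns.NODATA,
    ("a-only.example", "A"): Dns.FOUND,
    ("flaky.example", "MX"): Dns.TEMPFAIL,
}

def sample_lookup(domain, rtype):
    return SAMPLE_ZONE.get((domain, rtype), Dns.NXDOMAIN)

if __name__ == "__main__":
    for sender in ("bob@example.com", "bob@a-only.example",
                   "bob@flaky.example", "bob@nosuch.invalid", ""):
        print(repr(sender), check_mail_from(sender, sample_lookup),
              check_mail_from(sender, sample_lookup, mx_only=True,
                              nonexistent_code=550))
```

Only the domain part is examined; nothing here connects back to the sender's mail server.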

