[Mimedefang] Received headers in general

kd6lvw at yahoo.com kd6lvw at yahoo.com
Wed May 23 14:49:56 EDT 2012 

--- On Wed, 5/23/12, David F. Skoll <dfs at roaringpenguin.com> wrote:
> On Wed, 23 May 2012 00:26:25 -0700 (PDT) kd6lvw at yahoo.com wrote:
> > This says nothing which forbids rejecting messages for
> > failing to meet SMTP syntax when transported via SMTP (or when they
> > claim such by stating "with SMTP" in the header data).
> 
> I disagree.  You are projecting your interpretation on the RFC authors.
> They say you MUST NOT reject a message for a bad trace header.  It further
> says that one reason for bad trace headers is non-SMTP systems.  It does
> not say it's OK to reject because of a bad trace header from an SMTP system.
> You're reading text that isn't there.

Wrong.  It directly states that we can't reject on the basis of trying to enforce SMTP trace header syntax upon non-SMTP trace headers.  That is all.  As noted, I don't apply the stricter checks to non-SMTP-claimed messages, so I am in fact following this section of RFC 5321.

> > If you're saying that we can't check a required syntax when it MUST be generated,
> 
> If you're writing an RFC-compliance checker, you SHOULD be as strict
> as you can.  If you're attempting to interoperate widely, such
> strictness is an impediment to interoperability.  Remember, the goal
> of Internet RFCs is to allow people to communicate, not for some
> people to show how much smarter they are than others.

Precisely, and as spammers often generate non-compliant messages, a RFC 5321 compliance filter installed into an MTA is a valid anti-spam measure.  Any "impediment to interoperability" is the sender's problem for not properly formatting their messages to begin with by using the required syntax (when they CLAIM they're using it by including "with SMTP").

Even the SpamAssassin community is currently going through the process to add rules enforcing certain compliance checks to messages:  1)  The requirement for a "sender" header with a single mailbox address when a "From" header has multiple mailboxes.  2)  Making certain that one of "To", "CC", or "BCC" is present.  3) Empty headers (other than "BCC").  Why?  Because spammers are abusing and violating these requirements. Given that, tell me why I should accept any inproperly formatted message, especially when spammers fail to comply?

cf. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6780
cf. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6781

More information about the MIMEDefang mailing list