Stan Hoeppner wrote:
> Len Conrad put forth on 12/26/2009 3:49 PM:
>
>> Requiring HELO is hardly an RFC-abusive setting. I expect almost no legit,
>> nor illegit, SMTP servers send EXPN or VRFY before helo,
>
> I'll add that just about everyone disables VRFY these days to prevent valid
> address harvesting, so if 5321 or any other RFC requires accepting VRFY then
> we are all out of RFC compliance.
>
> Concentrate on the aspects of RFCs that allow you to send/receive email
> to/from legitimate sites. Be loose with those that impede your ability to
> stop spam. We've all read various places that over 90% of all email
> attempts/transactions are spam. The authors of the relevant SMTP RFCs did
> not take this fact into account last they wrote these documents. Look at the
> creation and last modified dates on these RFCs and you'll fully understand
> that they are behind the times WRT dealing with spam.
>
5321 dates back to last year (October 2008). The authors/contributors/... were fully aware of the spam problem. Keep in mind that:

- (good & working) design is difficult
- consensus is not easy
- a design that changes every time there is a new "thing" (spam or whatever) is useless.

Long before spam was what it is today, the old smap (from the FWTK) used to cheat with VRFY and EXPN (it echoed the address and claimed it had verified it, and for EXPN, any address expands to $self). In fact, smap didn't validate addresses, so it couldn't do much for VRFY and EXPN (backscatter wasn't a problem at the time).

The point is: the problems surrounding VRFY and EXPN have been known for a very long time. Even before 2821 (April 2001).