Incoming SMTP in the year 2017 and absence of DKIM

William Herrin bill at herrin.us
Thu Nov 30 02:16:43 CST 2017


On Wed, Nov 29, 2017 at 5:50 PM, John Levine <johnl at iecc.com> wrote:
>
> In article <3677d101-3874-b8e4-87b3-37e4dd870325 at tnetconsulting.net> you
write:
> >> Normal lists put their own bounce address in the
> >> envelope so they can handle the bounces, so their own SPF applies.
> >
> >Yep.  V.E.R.P. is a very powerful thing.  (B.A.T.V. is an interesting
> >alternative, but I never messed with it.)
>
> VERP helps identify the bouncing party, but list bounce handling works
> fine without it.

Not so much, no.

There's no "must" standard for the format of bounce message, deferred
bounces are still a thing and mail gets auto-forwarded to addresses which
bounce (that is, bounce from an address different than the one you sent to).

Without something like VERP to encode the original recipient in the return
address, the percentage of bounces your list successfully processes each
month will slowly but steadily decline.

Broken rDNS is just broken, since there's approximately no reason ever
> to send from a host that doesn't know its own name.  Broken SPF may or
> may not be an issue since there are lots of legit ways to send mail
> that SPF can't describe.
>

+1


>P.S.  I'm strongly of the opinion that if a MLM alters the message in
> >ANY capacity, that it is actually generating a new message.  Thus the
> >MLM is the new author.  It's just using content strongly based on emails
> >that came into it.  -  But that's a different discussion that lasted
> >days on the mailman mailing list.
>
> It's an interesting theological argument but it makes little practical
> difference.
>

I could not disagree with you more. It's relatively easy to design and
implement a system which allows the originating MUA and MTA to offer proof
of authority to act on behalf of a given email address. Though possible,
systems which would allow intermediate mail handlers to generate proof of
authority to handle a message alleged to originate from a particular
address don't especially exist and would be much more complex. Systemic and
computational complexity is a very practical difference between the two
situations.

Regards,
Bill Herrin


-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>


More information about the NANOG mailing list