On Sat, Apr 19, 2014 at 8:31 AM, Ned Freed <ned.freed@xxxxxxxxxxx> wrote:
It's outrageously poor advice, for the simple reason that there's all kinds of
> > >"If the RFC5322.From domain does not exist in the DNS, Mail Receivers
> > >SHOULD direct the receiving SMTP server to reject the message."
> >
> > As far as I can tell, that bit of poor advice hasn't been implemented.
> Why is that poor advice? It's not uncommon for an MTA receiving mail to
> confirm that the message is replyable, at least insofar as an A and MX are
> available for whatever comes after the "@".
legitimate email that's sent for all kinds of different reasons that you don't
want people to be able to reply to. And the sooner they get a failure when they
try and reply, the better.
As such, the ability to reply to the RFC5322.From tells you almost nothing
about its legitimacy.
It's yet another case where a failure to consider the multiple semamtics
field like RFC5322.From has, and designing to a subset of those designs,
ends up screwing things up.
If you say so, but I can't think of an example off the top of my head. Is that still a currently-used tactic? Most of the examples I can think of involve a valid address that produces an automated response when someone replies, rather than using something that is completely unreachable.
I seem to recall common use of From: field validation back when that capability was introduced into open source sendmail as an anti-spam tactic, though it was never supported by the vendor directly. Maybe it's less common now.
-MSK