On 12/15/19 11:12 PM, John C Klensin wrote:
So, again, the first question for this list is whether we are comfortable with servers run in the IETF's name being non-conforming to IETF standards. I see objections to that on ethical and credibility ground, but others may disagree.
In general, not specific to SMTP: If it could be established that there was a substantial and legitimate operational reason to deviate from a standard, IMO the correct response is to file an erratum with the RFC Editor and correct the standard in the next revision. We should not be stubborn about sticking to standards that promote bad advice.
However, I seriously doubt that there is a legitimate reason to block mail that is sent using HELO/EHLO with an address literal. It is not a reliable indicator of spam, at least not over the long term. If there really are spammers sending mail that way, there is almost certain to be some clue in the content of the message that could be used to filter with similar effectiveness.
I have been of the impression for around 30 years that the HELO (later EHLO) argument is pretty much meaningless and really should be ignored.
Also, bogus spam filters appear to be at least as detrimental to the reliability of email as spam itself. IMO, IETF should not encourage such practices either in its standards or its practices, as they are harmful to the Internet. Heuristics will likely only work in the short term and shouldn't be promoted as good practice.
Keith
