nanog mailing list archives
Re: VeriSign SMTP reject server updated
From: Paul Vixie <vixie () vix com>
Date: 20 Sep 2003 19:47:15 +0000
mlarson () verisign com (Matt Larson) writes:
> We are interested in feedback on the best way within the SMTP protocol to definitively reject mail at these servers. One alternate option we are considering is rejecting the SMTP transaction by returning a 554 response code as described in Section 3.1 of RFC 2821. Our concern is if this response effectively causes most SMTP servers to bounce the message, which is the desired reaction.
is it? right now there are a lot of unintended consequences and several of them are rather painful. for example, let's say you were using a friend as your backup MX and he got put on domain-hold. or in the more common case you misspell your backup mx. either way mail that should be queued and then later would have been successfully delivered will bounce at the verisign server.
> We are researching common SMTP servers' handling of this response code; at least one popular server appears to requeue mail after receiving 554. Another option is remaining with the more standard SMTP sequence (returning 250 in response to HELO/EHLO), but then returning 550 in response to MAIL FROM as well as RCPT TO.
no matter what you do you're turning nonfatal error conditions into fatal ones. i'm not sure it matters which kind of fatal condition you cause, or the specific smtp messages you use to cause it. either way you're in the loop and there's no good that can come of it from an e-mail p-o-v. before we deployed root-delegation-only here, i was also annoyed that my e-mail tool could not tell me about misspelled domain names at "send" time and i had to wait for the wildcard mail servers to bounce the traffic. i am much happier with nxdomain than i was with the wildcard. it's just sad that i'm going to have to move vix.com to a different parent domain name to get that behaviour to work for me as a recipient and others as senders.
> I would welcome feedback on these options sent to me privately or the list; I will summarize the former.
i chose to send this to the list since some folks have been wondering if i'm a verisign apologist lately and i believe that open debate is better for this kind of thing.
--
Paul Vixie
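The backup-MX case from the message above, as an added example that is not part of the original post: a simplified sender walks an MX list whose primary is down and whose backup name is misspelled, once with the parent zone answering NXDOMAIN and once with a wildcard pointing unknown names at a reject server. The host names, the `resolve` and `attempt` helpers, and the rule that every 5yz reply bounces are assumptions made for the example.

```python
# Added illustration; host names and the simplified retry policy are constructed.
DELIVERED, QUEUED, BOUNCED = "delivered", "queued", "bounced"

# State of hosts that really exist on this attempt: an SMTP reply code to
# RCPT TO, or "unreachable" when the TCP connection fails.
REAL_HOSTS = {"mx1.rcpt.example": "unreachable"}   # primary MX is down right now


def resolve(host, wildcard_reply):
    """Return what the sender meets at `host`.

    wildcard_reply=None models a parent zone that answers NXDOMAIN for
    unknown names; an integer models a wildcard pointing every unknown
    name at a reject server that answers with that SMTP code.
    """
    if host in REAL_HOSTS:
        return REAL_HOSTS[host]
    return "nxdomain" if wildcard_reply is None else wildcard_reply


def attempt(mx_hosts, wildcard_reply=None):
    """One delivery attempt across the MX list, in preference order."""
    for host in mx_hosts:
        result = resolve(host, wildcard_reply)
        if result in ("nxdomain", "unreachable"):
            continue                      # nonfatal: try the next MX
        if 200 <= result < 300:
            return DELIVERED
        if 500 <= result < 600:
            return BOUNCED                # assumption: every 5yz is final
        # 4yz is transient: fall through to the next MX
    return QUEUED                         # nothing accepted, nothing fatal


# Constructed MX list: the backup MX name is misspelled, so it does not exist.
MX_LIST = ["mx1.rcpt.example", "mx2.freind.example"]

if __name__ == "__main__":
    print("nxdomain for unknown names:", attempt(MX_LIST))
    print("wildcard, 550 at RCPT TO: ", attempt(MX_LIST, 550))
    print("wildcard, 554 on connect: ", attempt(MX_LIST, 554))
```

With NXDOMAIN the message stays queued until the primary returns; with the wildcard either 5yz code ends in a bounce under this policy, which is the nonfatal-to-fatal change the message describes.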