[53917] in North American Network Operators' Group
Re: MSRFCs versus RFCs?
daemon@ATHENA.MIT.EDU (Jim Hickstein)
Mon Dec 2 23:09:35 2002
Date: Mon, 02 Dec 2002 20:09:07 -0800
From: Jim Hickstein <jxh@jxh.com>
To: joej@Rocknyou.com
Cc: nanog@merit.edu
In-Reply-To: <200211280653.gAS6r6702619@Rocknyou.com>
Errors-To: owner-nanog-outgoing@merit.edu
RFC-2505 (BCP-30) talks about which return codes to use, among other
things. Not a direct hit, perhaps. RFC-1891 (DSNs) may also have
something.
You want an RFC-lawyer. Given another hour or so, I could probably come up
with the necessary citation, either in the RFCs themselves or in other
suitably authoritative-sounding sources. But my pro-bono time has run out
for today. :-)
Or you could just ask Eric.
> ahead) If I send an email to JoeSmo@domain.com and spoof the
> Mail From as Victim@innocentdomain.com to an Exchange Server
> setup in this manor, the Exchange server will bounce an email
> to the Victim@innoccentdomain.com. While this is all fine and
> dandy, if a person(s) decides to use this as a mailbomb method
> and exploit this, its rather simple to do. So, in short I am
> aguing that
> 1> Mail destine for a domain not handled should be 550 Denied.
> 2> None Delivery Reports should only be sent for Domains Handled.
> 3> That a Firewall should not be doing Domain checking for SMTP
>
> What I am at a loss for is RFCs that explicitly state this, that
> is NDR for other domains, and accepting for other domains.
