[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is the .to (Tonga) domain completely rogue and should be removed?

Read RFC 1123, section 5.2.3. 

      5.2.3  VRFY and EXPN Commands: RFC-821 Section 3.3

         A receiver-SMTP MUST implement VRFY and SHOULD implement EXPN
         (this requirement overrides RFC-821).  However, there MAY be
         configuration information to disable VRFY and EXPN in a
         particular installation; this might even allow EXPN to be
         disabled for selected lists.

         A new reply code is defined for the VRFY command:

              252 Cannot VRFY user (e.g., info is not local), but will
                  take message for this user and attempt delivery.

              SMTP users and administrators make regular use of these
              commands for diagnosing mail delivery problems.  With the
              increasing use of multi-level mailing list expansion
              (sometimes more than two levels), EXPN has been
              increasingly important for diagnosing inadvertent mail
              loops.  On the other hand,  some feel that EXPN represents
              a significant privacy, and perhaps even a security,

VRFY is hardly an "incorrect SMTP command."

>Your reasoning as to why its responses to incorrect SMTP
>commands constitutes evidence that the .TO domain is "negligent",
>"mismanaged" and "an attractive resource for criminal activities"
>is ironically incorrect. In fact, having an *unsecured* port 25 open to mail
>relaying would be negligent.

>Best regards,

>- Eric Gullichsen
>  Tonic Corporation
>  Kingdom of Tonga Network Information Center
>  http://www.tonic.to
>  Email: [email protected]