Re: [Exim] Opinions sought: Most effective spam reductiontec…

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Jethro R Binks
CC: exim-users
Subject: Re: [Exim] Opinions sought: Most effective spam reductiontechniques
On Tue, 2004-08-17 at 14:06 +0100, Jethro R Binks wrote:
> Anyway, aside from issues like an MUA like Outlook should be submitting
> mail to the Internet through an MSA which should be fixing up a lack of
> Message-ID: header, it seems from what you say David that you'd be
> refusing mail from any user of the relevant Outlook version.


You're right -- if it comes through an MSA (like Exchange) it tends to
have a Message-Id added.

In fact, if Outlook uses my system as an MSA then it'll get a Message-Id
added too. It's only for incoming non-submission SMTP that I reject for
lack of it. I should have made that clearer, perhaps.

> While I agree that the RFC does specify that there SHOULD be a Message-ID:
> header, it is not strictly a violation to not have one.


RFC2119 says:

3. SHOULD This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.

I've never had anyone explain a valid reason for ignoring the part of
RFC2822 which says you SHOULD include a message-id header, and explain
how they carefully weighed the implications and decided to omit it. I've
only ever known it be omitted by accident, which _is_ a clear violation
:)

OK, if you really want a reason to omit it, there's the fact that
RFC2822 says if you include one it _MUST_ be unique, and that in fact
it's actually impossible to guarantee that it's unique in the presence
of someone actively trying to cause collisions by guessing what
message-id you might use next... hence by implication you MUST NOT
include one. But that's too silly :)

> [In my case recently, one of my users' mail was being
> rejected by one site as they considered the lack of a Message-ID: header
> to be a sure sign of spam, which I disputed].


But you fixed it and now they have a Message-ID? That's a perfectly
acceptable 'false positive' from my point of view -- in fact I don't
even think of it as false positive. You weren't obeying the rules; you
are now.

--
dwmw2