Author: David Woodhouse Date: To: Jethro R Binks CC: exim-users Subject: Re: [Exim] Opinions sought: Most effective spam
reductiontechniques
On Tue, 2004-08-17 at 14:06 +0100, Jethro R Binks wrote: > Anyway, aside from issues like an MUA like Outlook should be submitting
> mail to the Internet through an MSA which should be fixing up a lack of
> Message-ID: header, it seems from what you say David that you'd be
> refusing mail from any user of the relevant Outlook version.
You're right -- if it comes through an MSA (like Exchange) it tends to
have a Message-Id added.
In fact, if Outlook uses my system as an MSA then it'll get a Message-Id
added too. It's only for incoming non-submission SMTP that I reject for
lack of it. I should have made that clearer, perhaps.
> While I agree that the RFC does specify that there SHOULD be a Message-ID:
> header, it is not strictly a violation to not have one.
RFC2119 says:
3. SHOULD This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.
I've never had anyone explain a valid reason for ignoring the part of
RFC2822 which says you SHOULD include a message-id header, and explain
how they carefully weighed the implications and decided to omit it. I've
only ever known it be omitted by accident, which _is_ a clear violation
:)
OK, if you really want a reason to omit it, there's the fact that
RFC2822 says if you include one it _MUST_ be unique, and that in fact
it's actually impossible to guarantee that it's unique in the presence
of someone actively trying to cause collisions by guessing what
message-id you might use next... hence by implication you MUST NOT
include one. But that's too silly :)
> [In my case recently, one of my users' mail was being
> rejected by one site as they considered the lack of a Message-ID: header
> to be a sure sign of spam, which I disputed].
But you fixed it and now they have a Message-ID? That's a perfectly
acceptable 'false positive' from my point of view -- in fact I don't
even think of it as false positive. You weren't obeying the rules; you
are now.