Re: [tlug] [slightly OT] SMTP and the internet, protocols and the internet

["Stephen J. Turnbull" <turnbull.stephen.fw@example.com>]

Christian Horn writes:

 > More like me interacting with the server from various clients
 > (android mobile, linux clients), and preferring to see the reverse
 > lookup as fluxcoil.net and not mail.fluxcoil.net .

Yeah, I really hate it when people insist on making things difficult.
I bet there's an ASN.1 representation of "originating mail server",
you could use that and then scream at them that if they're not parsing
ASN.1 WTF do they think they're doing!!?! :-)

Wow, you know you've had a bad week when you start making ASN.1 jokes!

 > I guess it's just to increase chances of reaching someone in case 
 > there are complaints about mails from my domain.

Uuuuuuhhhhh RFC 2142 (https://www.ietf.org/rfc/rfc2142.txt)

Here is the requirement statement.  Note that "must" is just as
mandatory as "MUST" -- the convention of capitalizing is just a way to
make it easy to spot requirements statements.

   However, if a given service is offerred, then the associated
   mailbox name(es) must be supported, resulting in delivery to a
   recipient appropriate for the referenced service or role.

And the generic "abuse@ADMIN.DOMAIN" mailbox must be supported, while
supporting these mailboxes addressed to any subdomain that accepts
mail is recommended.

So if reporting by email doesn't work, it's reasonable to impose a ban
on you.  If they want to be dicks about it, they could keep a database
of HELO domains, and if they see a new one, fire off a mail to
postmaster.  The content is "just checking, no reply needed" (in the
old days you could check for valid mailboxes without actually sending
mail (SMTP VRFY command) but that was abused by spammers so most
instances ignore it).  If that email is not accepted, assume the site
is rogue and refuse the email.

 > The "searching on my website for name/address/phone" is done manually,
 > which is actually surprising: one would suspect more people run MTA
 > and try to send mails to them without that data in whois.

I don't know.  Is your host a physical machine you own, or a rental
server or in the cloud?  In my case it's a physical machine, but if
they go looking for postmaster@ they'll get my employer (it's
intercepted at the firewall even though my nominal status is "outside
the firewall").  Other people will be using rental servers; maybe they
go after the hosting entity then.  There are probably only a few
people (ie, < 1 million :-) left with physical hosts.  When I move out
of the university, I'll surely go to a service such as Linode.

 > Maybe mail is already down to only the big players like gmail. t-online,
 > gmx, yahoo.

No, there are probably 10s or 100s of millions of domains that handle
their own mail still.  Granted, anybody doing a lot of mail probably
benefits from using the big providers for high availability and
relatively good spam filtering.

 > > Maybe whoever enforces GDPR where you are can help.
 > 
 > I think GDPR asked to get the data out of whois, from where it could
 > be easily gathered.  Just that with their idea of providing it via
 > website it could be even easier collected.

Yeah, I was mostly joking.  It just cracks me up when European
entities demand that you publish your PII where *anybody* can get it.