Is the .to (Tonga) domain completely rogue and should be removed?
Anonymous
nobody at replay.com
Fri Oct 2 22:39:22 PDT 1998
Read RFC 1123, section 5.2.3.
5.2.3 VRFY and EXPN Commands: RFC-821 Section 3.3
A receiver-SMTP MUST implement VRFY and SHOULD implement EXPN
(this requirement overrides RFC-821). However, there MAY be
configuration information to disable VRFY and EXPN in a
particular installation; this might even allow EXPN to be
disabled for selected lists.
A new reply code is defined for the VRFY command:
252 Cannot VRFY user (e.g., info is not local), but will
take message for this user and attempt delivery.
DISCUSSION:
SMTP users and administrators make regular use of these
commands for diagnosing mail delivery problems. With the
increasing use of multi-level mailing list expansion
(sometimes more than two levels), EXPN has been
increasingly important for diagnosing inadvertent mail
loops. On the other hand, some feel that EXPN represents
a significant privacy, and perhaps even a security,
exposure.
VRFY is hardly an "incorrect SMTP command."
>Your reasoning as to why its responses to incorrect SMTP
>commands constitutes evidence that the .TO domain is "negligent",
>"mismanaged" and "an attractive resource for criminal activities"
>is ironically incorrect. In fact, having an *unsecured* port 25 open to mail
>relaying would be negligent.
>Best regards,
>- Eric Gullichsen
> Tonic Corporation
> Kingdom of Tonga Network Information Center
> http://www.tonic.to
> Email: egullich at tonic.to
More information about the cypherpunks-legacy
mailing list