Our mail submission system winds up handling two sorts of senders
Yesterday I mentioned that while in theory our mail submission system could use sender verification to check whether a MAIL FROM address at an outside domain was valid, I didn't feel this was worth it. One of the reasons I feel this way is that I don't think this check will fail very often for most outside domains, and to explain that I need to talk about how we have two sorts of senders: real people and machines.
Real people are, well, real people with a MUA who are sending email out through us. My view is that when real people send out email using outside domains in their From: address, it's extremely likely that this address will be correct; if it's not correct, the person is probably going to either notice it or be told by the people they are trying to talk to, through some out-of-band mechanism. Unless you're very oblivious and closed off, you're just not going to spend very long with your MUA misconfigured this way. On top of that, real people have to explicitly configure their address in their MUA, which means a whole class of problems gets avoided.
Machines are servers and desktops and everything else we have sitting around on our network that might want to send status email, report in to its administrator, spew out error reports to warn people of problems, and so on. Email from these machines is essentially unidirectional (it goes out from the machine but not back), may not be particularly frequent, and is often more or less automatically configured. All of this makes it very easy for machines to wind up with bad or bogus MAIL FROMs. Often you have to go out of your way during machine setup in order not to get this result.
(For instance, many machines will take their default domain for MAIL FROMs from DNS PTR results, which malfunctions in the presence of internal private zones.)
Most broken machine origin addresses are easily recognized, because they involve certain characteristic mistakes (e.g. using DNS PTR results as your origin domain). Many of these addresses cannot be definitively failed with sender verification because, for example, the machine doesn't even run an SMTP listener that you can talk to.
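As an added example (not code from the original post), here is a small Python heuristic of the kind a submission server could run locally to recognize the characteristic machine mistakes described above: an origin domain copied from an internal PTR zone, a bare hostname with no domain, or a stock localhost default. The internal zone list, the sample addresses and the verdict names are constructed assumptions for illustration; a real deployment would substitute its own private zones.

```python
# Added example, not from the original post: flag MAIL FROM addresses that
# look like the "characteristic mistakes" machines make when their origin
# domain is filled in automatically (e.g. from a DNS PTR result).
# INTERNAL_ZONES and SAMPLE_MAIL_FROMS are assumptions constructed for this
# example; a real submission server would use its own zone list.
import re

# Assumed internal/private DNS zones that never appear in routable email.
INTERNAL_ZONES = ("internal.example", "in-addr.arpa", "localdomain", "local")

# Constructed sample senders of the two kinds the post describes.
SAMPLE_MAIL_FROMS = [
    "root@fileserver.internal.example",  # domain taken from an internal PTR zone
    "cron@db01",                         # bare hostname, no domain at all
    "daemon@localhost.localdomain",      # stock default that never resolves
    "nagios@10.0.0.7.in-addr.arpa",      # PTR name used verbatim as the domain
    "alice@example.org",                 # a real person's outside-domain address
    "<>",                                # null sender (bounces), always accepted
]

# local@domain, optionally wrapped in angle brackets as in SMTP MAIL FROM.
ADDR_RE = re.compile(r"^<?([^<>@\s]+)@([^<>@\s]+)>?$")


def classify_mail_from(addr: str) -> tuple:
    """Return (verdict, reason); verdict is 'ok', 'bogus' or 'malformed'."""
    addr = addr.strip()
    if addr in ("", "<>"):
        return ("ok", "null sender")
    m = ADDR_RE.match(addr)
    if not m:
        return ("malformed", "not local@domain")
    domain = m.group(2).lower().rstrip(".")
    if "." not in domain:
        # A hostname with no domain part: the machine never learned one.
        return ("bogus", "bare hostname as origin domain")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", domain):
        return ("bogus", "dotted-quad IP as origin domain")
    labels = domain.split(".")
    for zone in INTERNAL_ZONES:
        zone_labels = zone.split(".")
        # Suffix match on DNS labels, so "x.internal.example" matches
        # "internal.example" but "notinternal.example" does not.
        if labels[-len(zone_labels):] == zone_labels:
            return ("bogus", f"origin domain in internal zone {zone}")
    return ("ok", "routable-looking domain")


def flagged_senders(addrs) -> list:
    """Return the subset of addrs whose MAIL FROM looks like a machine mistake."""
    return [a for a in addrs if classify_mail_from(a)[0] == "bogus"]


if __name__ == "__main__":
    for a in SAMPLE_MAIL_FROMS:
        verdict, reason = classify_mail_from(a)
        print(f"{a:40} {verdict:9} {reason}")
```

The point of the heuristic is that these addresses are recognizable from their shape alone, without a sender-verification callout that would stall on a machine with no SMTP listener; what to do with a flagged sender (log it, rewrite it to a known-good machine origin, or reject at submission time) is a local policy decision.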
You can mostly use sender verification for addresses from real people, but even ignoring the other issues there's little point because they'll almost never fail. Real people will almost always be using sender addresses from outside domains, not from internal hostnames.