Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP Path: utzoo!watmath!clyde!burl!hou3c!wales@UCLA-LOCUS.ARPA From: wales@UCLA-LOCUS.ARPA (Rich Wales) Newsgroups: net.mail.headers Subject: What are SMTP commands "EXPN" and "VRFY" good for? Message-ID: <831@hou3c.UUCP> Date: Sat, 15-Sep-84 17:39:52 EDT Article-I.D.: hou3c.831 Posted: Sat Sep 15 17:39:52 1984 Date-Received: Thu, 4-Oct-84 02:45:07 EDT Sender: ka@hou3c.UUCP (Kenneth Almquist) Lines: 109 To: Header-People@MIT-MC.ARPA I would like to hear some other people's opinions on the SMTP "EXPN" and "VRFY" commands. I seriously wonder what, if anything, these commands are good for. As everyone probably knows, they are not required in the "minimum" SMTP server implementation, and I can think of very few situ- ations in which a mailer program would ever need (or want) to use them. First, my gripes with EXPN. The problem with using EXPN to expand a remote mailing list is that this spoils any attempt by the receiving host to direct "undeliverable mail" messages to someone who can fix the problem. I think everyone by now agrees that problems relating to an invalid address on a mailing list should be reported to whoever is responsible for maintaining the mailing list -- NOT to the person who sent a message to the list. But there is no provision in the EXPN command for the server to pass this information back to the requesting host. Hence, any host which used EXPN in order to send directly to everyone on a remote mailing list would defeat any attempt by the remote host to direct error messages to the right place (by substituting a new "return path" as the list was expanded). Admittedly, mailing lists could be flagged in some way so that an EXPN on the name would return only one line (namely, the address of the list) -- but if you do this, what's the point in having EXPN at all? Now, the problems with VRFY. I have seen only one ARPANET host whose mailer routinely uses VRFY (namely, MIT-MULTICS). Even MIT-MULTICS appears to use VRFY only when relaying mail originating on MAILNET. The scenario seems to be as fol- lows (based on an examination of the various system logs kept by our SMTP server): (1) MIT-MULTICS connects to our SMTP server and issue a VRFY -- which is rejected with a 502 ("command not implemented") reply code. (2) MIT-MULTICS, upon having its VRFY command rebuffed in this manner, does a QUIT and closes the connection. (3) Almost immediately thereafter, MIT-MULTICS connects to our SMTP server again and, without trying another VRFY, sends mail to the user named in the previous session's unsuccessful VRFY. I sent a message to Postmaster@MIT-MULTICS a little while ago asking about this strange behavior, but never received a reply. I also re- cently added code to our SMTP server to implement VRFY (for local user names and mailing lists only), and I'm waiting to see what happens if MIT-MULTICS says VRFY to us and gets a real answer back -- but, so far, there have been no takers. The idea of doing a VRFY on a user name before trying to send mail to that name disturbs me. RFC821's description of VRFY is vague enough to make it unreliable as a means for validating an address before mailing to it. This is particularly true when non-local user names are involved (if someone wants to send to "podunk!fred@UCLA-LOCUS.ARPA", there is no way we can validate a command like "VRFY podunk!fred"). In any case, I thought that validation of a recipient address -- if done by the SMTP server at all -- belonged in the processing of the RCPT command. The only scenario I can currently think of where a mailer program might want to use VRFY is if a RCPT command is rejected and the mailer wants to get as much info as possible to send back to the user. For example, assume I call up the PODUNK.ARPA SMTP server and try to send mail to "fred@PODUNK.ARPA": 220 PODUNK.ARPA SMTP server ready helo UCLA-LOCUS.ARPA 250 PODUNK.ARPA (hi there, UCLA-LOCUS.ARPA) mail from:250 OK rcpt to: 550 Sorry, no one named here At this point, I could do a VRFY and see if I get anything interesting: vrfy fred 553-Ambiguous user name; try one of: 553-Fred Jones 553 Fred Smith quit 221 PODUNK.ARPA SMTP server says bye-bye Now, when I send the obligatory "rejection notice" back to the message sender, I can include the reply to the VRFY in the message -- perhaps like this: Date: Sat, 15 Sep 84 14:20:10 PDT From: UCLA-LOCUS Mail System To: John Jones Subject: Undeliverable mail to ===== transcript of mailer session follows ===== rcpt to: 550 Sorry, no one named here vrfy fred 553-Ambiguous user name; try one of: 553-Fred Jones 553 Fred Smith ===== unsent message follows ===== . . . Other than this, I really can't think of a good use for VRFY. -- Rich