Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP
Path: utzoo!watmath!clyde!burl!hou3c!wales@UCLA-LOCUS.ARPA
From: wales@UCLA-LOCUS.ARPA (Rich Wales)
Newsgroups: net.mail.headers
Subject: What are SMTP commands "EXPN" and "VRFY" good for?
Message-ID: <831@hou3c.UUCP>
Date: Sat, 15-Sep-84 17:39:52 EDT
Article-I.D.: hou3c.831
Posted: Sat Sep 15 17:39:52 1984
Date-Received: Thu, 4-Oct-84 02:45:07 EDT
Sender: ka@hou3c.UUCP (Kenneth Almquist)
Lines: 109
To: Header-People@MIT-MC.ARPA

I would like to hear some other people's opinions on the SMTP "EXPN" and
"VRFY" commands.  I seriously wonder what, if anything, these commands
are good for.  As everyone probably knows, they are not required in the
"minimum" SMTP server implementation, and I can think of very few situ-
ations in which a mailer program would ever need (or want) to use them.

First, my gripes with EXPN.

The problem with using EXPN to expand a remote mailing list is that this
spoils any attempt by the receiving host to direct "undeliverable mail"
messages to someone who can fix the problem.

I think everyone by now agrees that problems relating to an invalid
address on a mailing list should be reported to whoever is responsible
for maintaining the mailing list -- NOT to the person who sent a message
to the list.  But there is no provision in the EXPN command for the
server to pass this information back to the requesting host.

Hence, any host which used EXPN in order to send directly to everyone on
a remote mailing list would defeat any attempt by the remote host to
direct error messages to the right place (by substituting a new "return
path" as the list was expanded).

Admittedly, mailing lists could be flagged in some way so that an EXPN
on the name would return only one line (namely, the address of the list)
-- but if you do this, what's the point in having EXPN at all?

Now, the problems with VRFY.

I have seen only one ARPANET host whose mailer routinely uses VRFY
(namely, MIT-MULTICS).  Even MIT-MULTICS appears to use VRFY only when
relaying mail originating on MAILNET.  The scenario seems to be as fol-
lows (based on an examination of the various system logs kept by our
SMTP server):

(1) MIT-MULTICS connects to our SMTP server and issue a VRFY -- which is
    rejected with a 502 ("command not implemented") reply code.

(2) MIT-MULTICS, upon having its VRFY command rebuffed in this manner,
    does a QUIT and closes the connection.

(3) Almost immediately thereafter, MIT-MULTICS connects to our SMTP
    server again and, without trying another VRFY, sends mail to the
    user named in the previous session's unsuccessful VRFY.

I sent a message to Postmaster@MIT-MULTICS a little while ago asking
about this strange behavior, but never received a reply.  I also re-
cently added code to our SMTP server to implement VRFY (for local user
names and mailing lists only), and I'm waiting to see what happens if
MIT-MULTICS says VRFY to us and gets a real answer back -- but, so far,
there have been no takers.

The idea of doing a VRFY on a user name before trying to send mail to
that name disturbs me.  RFC821's description of VRFY is vague enough to
make it unreliable as a means for validating an address before mailing
to it.  This is particularly true when non-local user names are involved
(if someone wants to send to "podunk!fred@UCLA-LOCUS.ARPA", there is no
way we can validate a command like "VRFY podunk!fred").  In any case,
I thought that validation of a recipient address -- if done by the SMTP
server at all -- belonged in the processing of the RCPT command.

The only scenario I can currently think of where a mailer program might
want to use VRFY is if a RCPT command is rejected and the mailer wants
to get as much info as possible to send back to the user.  For example,
assume I call up the PODUNK.ARPA SMTP server and try to send mail to
"fred@PODUNK.ARPA":

    220 PODUNK.ARPA SMTP server ready
    helo UCLA-LOCUS.ARPA
    250 PODUNK.ARPA (hi there, UCLA-LOCUS.ARPA)
    mail from:
    250 OK
    rcpt to:
    550 Sorry, no one named  here

At this point, I could do a VRFY and see if I get anything interesting:

    vrfy fred
    553-Ambiguous user name; try one of:
    553-Fred Jones 
    553 Fred Smith 
    quit
    221 PODUNK.ARPA SMTP server says bye-bye

Now, when I send the obligatory "rejection notice" back to the message
sender, I can include the reply to the VRFY in the message -- perhaps
like this:

    Date:       Sat, 15 Sep 84 14:20:10 PDT
    From:       UCLA-LOCUS Mail System 
    To:         John Jones 
    Subject:    Undeliverable mail to 

    ===== transcript of mailer session follows =====

	rcpt to:
	550 Sorry, no one named  here
	vrfy fred
	553-Ambiguous user name; try one of:
	553-Fred Jones 
	553 Fred Smith 

    ===== unsent message follows =====

    . . .

Other than this, I really can't think of a good use for VRFY.

-- Rich