From: Anonymous <nobody@replay.com>
Date: Sat, 3 Oct 1998 13:39:22 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Is the .to (Tonga) domain completely rogue and should be removed?
Message-ID: <199810031841.UAA06353@replay.com>
MIME-Version: 1.0
Content-Type: text/plain



Read RFC 1123, section 5.2.3. 

      5.2.3  VRFY and EXPN Commands: RFC-821 Section 3.3

         A receiver-SMTP MUST implement VRFY and SHOULD implement EXPN
         (this requirement overrides RFC-821).  However, there MAY be
         configuration information to disable VRFY and EXPN in a
         particular installation; this might even allow EXPN to be
         disabled for selected lists.

         A new reply code is defined for the VRFY command:

              252 Cannot VRFY user (e.g., info is not local), but will
                  take message for this user and attempt delivery.

         DISCUSSION:
              SMTP users and administrators make regular use of these
              commands for diagnosing mail delivery problems.  With the
              increasing use of multi-level mailing list expansion
              (sometimes more than two levels), EXPN has been
              increasingly important for diagnosing inadvertent mail
              loops.  On the other hand,  some feel that EXPN represents
              a significant privacy, and perhaps even a security,
              exposure.

VRFY is hardly an "incorrect SMTP command."

>Your reasoning as to why its responses to incorrect SMTP
>commands constitutes evidence that the .TO domain is "negligent",
>"mismanaged" and "an attractive resource for criminal activities"
>is ironically incorrect. In fact, having an *unsecured* port 25 open to mail
>relaying would be negligent.

>Best regards,

>- Eric Gullichsen
>  Tonic Corporation
>  Kingdom of Tonga Network Information Center
>  http://www.tonic.to
>  Email: egullich@tonic.to