Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!caip!brl-adm!brl-smoke!smoke!gds@sri-spam.ARPA
From: gds@sri-spam.ARPA (The lost Bostonian)
Newsgroups: net.mail.headers
Subject: Re: SMTP, 2600, and the security of mail
Message-ID: <4262@brl-smoke.ARPA>
Date: Tue, 30-Sep-86 15:03:56 EDT
Article-I.D.: brl-smok.4262
Posted: Tue Sep 30 15:03:56 1986
Date-Received: Sat, 4-Oct-86 10:35:17 EDT
Sender: news@brl-smoke.ARPA
Lines: 24

> From: Mark Crispin
>
> The Internet protocols are insecure by nature. A reasonably suspicious
> host should always record the host name or IP address of the host which
> actually connected to the SMTP server (the real host, not what was
> claimed in a HELO).

If it is true that all IP implementations enable a server program to
determine the IP address of its peer, then the HELO command and its
response could be eliminated, which would save us a few bytes.
Certainly the response to the HELO is not necessary, since the server
has already identified itself in the opening greeting. However, I
quote from RFC 821, the explanation for HELO:

    This command and an OK reply to it confirm that both the
    sender-SMTP and receiver-SMTP are in the initial state, that is,
    there is no transaction in progress and all state tables and
    buffers are cleared.

I do not see that there would be a big problem of detecting the initial
state without a HELO. Other protocols (FTP, NNTP) don't use it.

--gregbo
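Added example, not part of the original post or of any mail server's code: a receiver that logs the peer address taken from the TCP connection next to the name claimed in HELO, and flags a disagreement. The host names, the `CONSTRUCTED_DNS` table standing in for a real resolver, and all function names are assumptions made for the illustration.

```python
import socket
import threading

# Constructed name-to-address table standing in for DNS so the demo runs offline.
CONSTRUCTED_DNS = {"loopback.example.test": {"127.0.0.1"},
                   "mail.trusted.example": {"192.0.2.10"}}

def lookup(name):
    return CONSTRUCTED_DNS.get(name.lower(), set())

def parse_helo(line):
    """Return the domain claimed in a HELO line, or None if it is not a HELO."""
    parts = line.decode("ascii", "replace").split()
    return parts[1] if len(parts) == 2 and parts[0].upper() == "HELO" else None

def received_record(conn, resolve):
    """Greet one client, read its first command, return what should be logged."""
    peer_ip = conn.getpeername()[0]   # from the TCP connection, not from the client
    conn.sendall(b"220 mx.example.test SMTP ready\r\n")
    with conn.makefile("rb") as f:
        claimed = parse_helo(f.readline(512))
    if claimed is None:
        conn.sendall(b"500 Syntax error\r\n")
        verdict = "no-helo"
    else:
        conn.sendall(b"250 mx.example.test\r\n")
        verdict = "match" if peer_ip in resolve(claimed) else "mismatch"
    return {"peer_ip": peer_ip, "helo": claimed, "verdict": verdict}

def demo(first_line, resolve=lookup):
    """Run one constructed exchange over loopback TCP and return the log record."""
    srv = socket.create_server(("127.0.0.1", 0))
    def client():
        with socket.create_connection(srv.getsockname()) as c, c.makefile("rb") as f:
            f.readline()              # 220 greeting
            c.sendall(first_line)
            f.readline()              # reply to the first command
    t = threading.Thread(target=client)
    t.start()
    conn, _ = srv.accept()
    with conn:
        record = received_record(conn, resolve)
    t.join()
    srv.close()
    return record

if __name__ == "__main__":
    print(demo(b"HELO mail.trusted.example\r\n"))
```

The record keeps `peer_ip` whether or not a HELO arrives, so the log still identifies the connecting host when the claimed name is absent or does not resolve to it.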