This is the normative reference.
RFC 822, pg. 30, section 6.2.3
----------------------------------------------------------------------
msg-id = "<" addr-spec ">";
addr-spec = local-part "@" domain;
domain = sub-domain *("." sub-domain);
sub-domain = domain-ref / domain-literal;
<<a domain-ref must be THE official name of a registry, network, or host>>
Note that the "@" must also be present as part of the well-formed-formula.
When absent, the string is not well formed, and a syntax error occurs.
RFC 5322, pg. 27, section 3.6.4
---------------------------------------------------------------
<< The message identifier (msg-id) itself MUST be a globally unique
identifier for a message. The generator of the message identifier
MUST guarantee that the msg-id is unique. There are several
algorithms that can be used to accomplish this. Since the msg-id has
a similar syntax to addr-spec (identical except that quoted strings,
comments, and folding white space are not allowed), a good method is
to put the domain name (or a domain literal IP address) of the host
on which the message identifier was created on the right-hand side of
the "@" (since domain names and IP addresses are normally unique),
and put a combination of the current absolute date and time along
with some other currently unique (perhaps sequential) identifier
available on the system (for example, a process id number) on the
left-hand side. Though other algorithms will work, it is RECOMMENDED
that the right-hand side contain some domain identifier (either of
the host itself or otherwise) such that the generator of the message
identifier can guarantee the uniqueness of the left-hand side within
the scope of that domain. >>
Happy new year.
Sent with [ProtonMail](https://protonmail.com) Secure Email.
> -------- Original Message --------
> Subject: Re: Malformed spam email gets through.
> Local Time: 2 January 2018 9:54 AM
> UTC Time: 2 January 2018 08:54
> From: r...@protonmail.com
> To: users@spamassassin.apache.org
>
> You are wrong. I will quote from the standard when I get back to my desk.
>
> Sent from ProtonMail Mobile
>
> On Mon, Jan 1, 2018 at 17:17, Bill Cole
> <sausers-20150...@billmail.scconsult.com> wrote:
>
>> On 1 Jan 2018, at 3:54 (-0500), Rupert Gallagher wrote: > We reject anything
>> whose mid does not include the fqdn or address > literal of their sending
>> server. We do this because the RFC says > explicitly that the mid *MUST*
>> have those features. This is a blatant falsehood. Relevant RFCs:
>> https://tools.ietf.org/html/rfc5322#section-3.6.4
>> https://tools.ietf.org/html/rfc2822#section-3.6.4
>> https://tools.ietf.org/html/rfc822#section-4.6 The only "MUST" in regard to
>> MID content in any of those is uniqueness. Use of a domain identifier is
>> merely RECOMMENDED. Beyond that, it is *IMPOSSIBLE* for a receiving system
>> to reliably determine whether the right-hand part of a MID is a valid host
>> or domain identifier for the generator of the MID. -- Bill Cole
>> b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many
>> *@billmail.scconsult.com addresses) Currently Seeking Steady Work:
>> https://linkedin.com/in/billcole
