This is the normative reference. RFC 822, pg. 30, section 6.2.3 ---------------------------------------------------------------------- msg-id = "<" addr-spec ">"; addr-spec = local-part "@" domain; domain = sub-domain *("." sub-domain); sub-domain = domain-ref / domain-literal;
<<a domain-ref must be THE official name of a registry, network, or host>> Note that the "@" must also be present as part of the well-formed-formula. When absent, the string is not well formed, and a syntax error occurs. RFC 5322, pg. 27, section 3.6.4 --------------------------------------------------------------- << The message identifier (msg-id) itself MUST be a globally unique identifier for a message. The generator of the message identifier MUST guarantee that the msg-id is unique. There are several algorithms that can be used to accomplish this. Since the msg-id has a similar syntax to addr-spec (identical except that quoted strings, comments, and folding white space are not allowed), a good method is to put the domain name (or a domain literal IP address) of the host on which the message identifier was created on the right-hand side of the "@" (since domain names and IP addresses are normally unique), and put a combination of the current absolute date and time along with some other currently unique (perhaps sequential) identifier available on the system (for example, a process id number) on the left-hand side. Though other algorithms will work, it is RECOMMENDED that the right-hand side contain some domain identifier (either of the host itself or otherwise) such that the generator of the message identifier can guarantee the uniqueness of the left-hand side within the scope of that domain. >> Happy new year. Sent with [ProtonMail](https://protonmail.com) Secure Email. > -------- Original Message -------- > Subject: Re: Malformed spam email gets through. > Local Time: 2 January 2018 9:54 AM > UTC Time: 2 January 2018 08:54 > From: r...@protonmail.com > To: users@spamassassin.apache.org > > You are wrong. I will quote from the standard when I get back to my desk. > > Sent from ProtonMail Mobile > > On Mon, Jan 1, 2018 at 17:17, Bill Cole > <sausers-20150...@billmail.scconsult.com> wrote: > >> On 1 Jan 2018, at 3:54 (-0500), Rupert Gallagher wrote: > We reject anything >> whose mid does not include the fqdn or address > literal of their sending >> server. We do this because the RFC says > explicitly that the mid *MUST* >> have those features. This is a blatant falsehood. Relevant RFCs: >> https://tools.ietf.org/html/rfc5322#section-3.6.4 >> https://tools.ietf.org/html/rfc2822#section-3.6.4 >> https://tools.ietf.org/html/rfc822#section-4.6 The only "MUST" in regard to >> MID content in any of those is uniqueness. Use of a domain identifier is >> merely RECOMMENDED. Beyond that, it is *IMPOSSIBLE* for a receiving system >> to reliably determine whether the right-hand part of a MID is a valid host >> or domain identifier for the generator of the MID. -- Bill Cole >> b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many >> *@billmail.scconsult.com addresses) Currently Seeking Steady Work: >> https://linkedin.com/in/billcole