4. Mandatory Actions

An MSA MUST do all of the following:

4.1. General Submission Rejection Code

Unless covered by a more precise response code, response code 554 is to be used to reject a MAIL, RCPT, or DATA command that contains something improper.

4.2. Ensure All Domains Are Fully-Qualified

The MSA MUST ensure that all domains in the SMTP envelope are fully-qualified.

If the MSA examines or alters the message text in any way, except to add trace header fields [SMTP-MTA], it MUST ensure that all domains in address header fields are fully-qualified.

Reply code 554 is to be used to reject a MAIL, RCPT, or DATA command that contains improper domain references.

A frequent local convention is to accept single-level domains (e.g., 'sales') and then to expand the reference by adding the remaining portion of the domain name (e.g., to 'sales.example.net'). Local conventions that permit single-level domains SHOULD reject, rather than expand, incomplete multi-level domains (e.g., 'squeaky.sales'), since such expansion is particularly risky.

4.3. Require Authentication

The MSA MUST by default issue an error response to the MAIL command if the session has not been authenticated using [SMTP-AUTH], unless it has already independently established authentication or authorization (such as being within a protected subnetwork).

Section 3.3 discusses authentication mechanisms.

Reply code 530 [SMTP-AUTH] is used for this purpose.

4.1. General Submission Rejection Code​

4.2. Ensure All Domains Are Fully-Qualified​

4.3. Require Authentication​

4.1. General Submission Rejection Code

4.2. Ensure All Domains Are Fully-Qualified

4.3. Require Authentication