On the other hand, by erroneously treating a SHOULD as a MUST, I would say that ...

FactolSarin · 2026-02-12T16:12:24 1770912744

Google is rejecting it to ensure incoming messages aren't spam. SHOULD means "you should do this unless you have a really, really good reason not to." Do they have a good reason not to? It doesn't seem so, meaning Viva is in the wrong here.

davoneus · 2026-02-12T16:52:45 1770915165

No, SHOULD is defined in the RFC, not by colloquial usage. Google is on the wrong, regardless of their "safety" intent.

After all, linguistics is full with examples of words that are spelled the same, but have different meaning in different cultures. I'm glad the RFC spelled it out it for everyone.

ragall · 2026-02-12T17:00:33 1770915633

The RFC says a SHOULD is to be treated like a MUST, but well-justified exceptions are allowed.

Dylan16807 · 2026-02-13T09:41:31 1770975691

RFC speak requires you to think for a while about skipping a SHOULD. It doesn't require strong justification.

pamcake · 2026-02-12T21:00:59 1770930059

When producing a message, it SHOULD have the id. With or withot it is compliant.

On the other end, we may receive messages with or without. Both are valid. We MUST therefore accept both variations.

The second one is a consequence of the former. So yes Google is the violating party.

HDThoreaun · 2026-02-13T03:59:08 1770955148

No it doesnt lmao. It's quoted all over this thread and clearly is not in any way like a MUST

shadowgovt · 2026-02-12T18:39:11 1770921551

if Google's choices are protecting users, they can't be in the wrong. That's the reality of a shared communications infrastructure regardless of what the docs say.

When the docs disagree with the reality of threat-actor behavior, reality has to win because reality can't be fooled.

fmbb · 2026-02-12T18:00:15 1770919215

Spam senders don’t have pseudorandom number generators?

Avamander · 2026-02-12T18:04:19 1770919459

They're more likely to put in the least amount of effort or care the least about the reasons how the header is used later on.

bawolff · 2026-02-13T06:44:18 1770965058

Did i miss the part of the RFC that says google must accept every message? Pretty sure the RFC allows email providers to reject any message they feel like.

citrin_ru · 2026-02-13T10:26:49 1770978409

RFC cannot force a mail server to accept spam. You may argue that requiring message-id is a bad anti-spam policy but it does reduce amount of spam. In my observations around a half or messages without message-id are spam. I would not use personally this as the only reason to reject a message but I understand why someone may choose to do.

ragall · 2026-02-12T17:00:00 1770915600

The RFC says a SHOULD is to be treated like a MUST, but well-justified exceptions are allowed.

alistairSH · 2026-02-12T17:34:06 1770917646

Per RFC2119: 3. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.

So, it's fairly explicit that the sender should use message-id unless there's a good reason to not do so. The spec is quiet about the recipients behavior (unless there's another spec that calls it out).

throw7 · 2026-02-12T19:46:08 1770925568

Not a specification but "Be liberal in what you accept?" comes to mind. (which I always personally hated but i'm just one shoveler).

ragall · 2026-02-13T19:58:23 1771012703

Postel's law was a precept of the Internet of the 80's and 90's, when due to the primitive software engineering practices at that time, implementations couldn't be tested properly. That lead to many cases of poor interoperability, and it's no longer a good idea: for example, when HTML 5 was designed, they decide to put into the spec how to deal with the frequent errors like mismatched closing tags, etc... because all major implementations were "liberal" in what they accepted, but each in a different way.