> How is not having a message-id a security risk?

CVE classify a lot of things that have nothing to do with security.

Not having a Message-ID can cause problems for loop-detection (especially on busy netnews and mailing lists), and with reliable delivery status notification.

Dealing with these things for clients who can't read the RFC wastes memory and time which can potentially deny legitimate users access to services

> It seems that Gmail is being pedantic for no reason

Now you know that feeling is just ignorance.

▲

hsbauauvhabzb 3 hours ago | parent [-]

So add a message id at the first stop, or hard ban the sender server version until they confirm. A midway point that involves a doom switch is not a good option.

	▲	geocar 26 minutes ago \| parent [-]
		> So add a message id at the first stop That should have already happened. Google is not the "first stop". > hard ban the sender server version until they confirm SMTP clients do not announce their version. Also I don't work for you, stop telling me what to do. > A midway point that involves a doom switch is not a good option. No shit. That's almost certainly a big part of why Google blocks messages from being transited without a Message-ID.