ietf-smtp

Re: my Last Call comments on draft-hutzler-spamops-04

2005-06-16 18:04:03

Keith Moore wrote:

[excerpts from my private reply to Frank's message]

Oops, when I saw your mail in my inbox and here I assumed that
it's the same and kept only the latter for a later reply.

One thought I had:  What you call "MON" in your memo should be
also an "MRN".  Otherwise I'd say that those who don't want to
get mail (incl. error messages) have no business to send mail.

And if that's the case I don't care which particular addresses
in the MON are used as MAIL FROM for mails from this MON.  If
they use dave.null@MON.example it's okay, they're not forced
to read error messages.

But they must not send a MAIL FROM "non-local user" (in your
terminology) where error messages would hit another MON / MRN.
That BTW is the pretty simple idea of SPF.

When you said 'brain-dead authentication schemes' on the IETF
list I hope you meant PRA or whatever else, not the simple SPF.

That started with your "define 'sender'" remark, and checking
RfC 3834 I found that you also avoided defining it.  But you
have a very clear concept which of the "return addresses" is
suited for auto-replies, of course the MAIL FROM, and not some
braindead (now I say it) PRA / Sender / Reply-To / 2822-From.

The real "purported responsible address" is the MAIL FROM, the
PRA idea is just wrong, and tricks with Resent-* addresses are
madness.

<rant> If the IESG really allows this PRA-"experiment" abusing
policies designed for the MAIL FROM they are too incompetent
to serve the net at large in any position. </rant>  Cowardly
bypassing a proper "last call" is also a very bad sign.  It
would not only hurt SPF, but also SMTP.

I don't think it's good to require a special-type of MSA for
anonymous mail.

For anonymous mail you need special authentication and privacy
tricks, the goals are very different from a simple accountable
sender.  I don't know much about the technical problems, and
reading the APAS (alt.privacy.anon-server) FAQ some years ago
didn't help, but unlike MSAs and SMTP it's not more "simple".

And draft-hutzler wants to be simple, the audience are normal
admins at normal ISPs.

we need to stop pretending that there's a relationship
between From address and the MSA used by the originator

See above, of course there's a relationship between a "sender"
and the MSA where MAIL FROM "sender" is submitted.  It doesn't
work without this accountability.  With your idea, only an ID
in the timestamp, you'd get first the "bounces to" the forged
MAIL FROM, that's reported to abuse@MSA, and then somebody has
to decode the ID and warn / block the user of the infected box.

Today abuse is the normal case, legit mails are the exception.
So in a draft with "spamops" in its title you can't start to
design a system for anonymous mails, it's completely different
from the daily abuse.

It's already an option in RfC 2476 and RfC 2476bis (6.1) for
MAIL FROM, and another option for the 822-Sender in (8.1).

sounds like something that needs to be clarified/fixed in
2476bis.

These parts are the same as in 2476, I watched the submit-bis
drafts.  And that (8.1) is "only" an option is one of the many
reasons why PRA is so stupid, who should fix a 2822-sender to
match the MAIL FROM if not the MSA, the MUAs?  PRA is a FUSSP.

                           Bye, Frank


