ietf-822

Re: Mandatory From field, anonymity, and hacks

2004-07-24 19:12:39

In <41011B42(_dot_)6070301(_at_)erols(_dot_)com> Bruce Lilly 
<blilly(_at_)erols(_dot_)com> writes:

Charles Lindsey wrote:

Yes, we had long discussions about this in the USEFOR WG. The feeling was
that 'munging' addresses for spam avoidance was a Bad Thing, and that the
only socially acceptable thing was to use your genuine email address. But
we had to face the fact that people were going to do it anyway. OTOH, we
could not openly condone or deprecate the practice in a standards track
document.

Two questions, based on the following text in an approved Standards Track
RFC (viz. RFC 2821):

3.8.4 Other Header Fields in Gatewaying

  The gateway MUST ensure that all header fields of a message that it
  forwards into the Internet mail environment meet the requirements for
  Internet mail.  In particular, all addresses in "From:", "To:",
  "Cc:", etc., fields MUST be transformed (if necessary) to satisfy RFC
  822 syntax, MUST reference only fully-qualified domain names, and
  MUST be effective and useful for sending replies.

I find that last sentence rather odd, because the stated aim of that
paragraph is to meet the requirements for internet mail, and yet having a
bogus From field is only a SHOULD NOT in RFC 2822, which hardly justifies
that final MUST.

Question 1: Why do you believe that the practice of using invalid
addresses cannot be "openly" deprecated in a Standards Track document
(N.B. "MUST be effective and useful" above, which goes well beyond
mere deprecation of ineffective and/or unusable addresses)?

Because munging of From addresses on Usenet is a current social
phenomenon, and standards would do well not to interfere in social issues.
In any case, it is going to happen whatever the standard says.

Question 2: Since the text above places specific requirements on gateways
into the mail environment, _specifically_ and _in_ _detail_ how do you
propose that an invalid mailbox in a (mandatory per RFC 2822) From field
would be converted by a news-to-mail gateway into an "effective and useful"
mailbox in accordance with the mandatory requirements of RFC 2821
section 3.8.4? [note that there is no provision in the syntax of the
field for no mailbox]

I have no idea, but a useful first question would be "what happens at the
moment?". My suspicion is that current news-to-mailing-list gateways
simply ignore that bit of RFC 2821. Can you please point me to one that
does take positive action in this matter - it would be interesting to see
what it actually does?

What we did, therefore, was to use wording, essentially the same as RFC
2822, that the From address should be the email address of the
author/poster.

That is *NOT* what RFC 2822 says!

It looks pretty close to the RFC 2822 wording to me, though we did not go
as far as that SHOULD.

But we then added that if the poster should "for whatever
reasons" wish to use a non-working email address, then he SHOULD use a
domain ending in ".invalid".

And therein lies a problem, for that is not the intent of RFC 2026 in
making provision for a domain name for DNS testing purposes.

RFC 2026 is titled "The Internet Standards Process". Perhaps you meant RFC
2606?

That says "can be used for private testing..., example in documentation,
DNS related experimentation, invalid DNS names, or other similar uses". I
think that is wide enough to cover the intended usage.

In any case, would you prefer a poster to use

    From: Joe Doe <jdoe(_at_)REMOVE-THIS(_dot_)foo(_dot_)com>

(which involves a full DNS search each time someone tries to mail to it,
because DNS failures are never cached), or would you prefer

    From: Joe Doe <jdoe(_at_)REMOVE-THIS(_dot_)foo(_dot_)com(_dot_)invalid>

which can be aborted at once without any DNS search at all?

Making the From header field optional would eliminate the need for such
hacks by persons who desire the degree of anonymity that such hacks
provide; those persons could simply avoid including a From field at all,
rather than including a hacked bogus address in a From field.


But that does not really solve the problem.

It solves the problem faced by gateway implementors upon encountering
the ineffective and invalid addresses explicitly condoned by your
draft; implementors could drop the invalid/ineffective addresses and
if no addresses remain, then drop the field.

Which would mean that the message arrived on the mailing list with no
indication at all of who had posted it. I am sure that would be _most_
popular with the other members of that mailing list - NOT.

People still want to identify
themselves (and their readers certainly want to know who is writing to
them, whether in News or Email).

How do you propose differentiating one "John Doe" from another "John Doe"
in the absence of an email address?

I don't. I prefer to see the munged address (I doubt both Joe Does use the
same email address, munged or not). I see lots of munged addresses in the
groups I read, and I never have a problem recognizing familiar posters,
except when they are deliberately trying to mislead.

For what practical purpose would
such a non-identifying "identity" be used?

I suggest you read some newsgroups regularly, and then you would know. It
ain't (particularly) broke. Stop trying to fix it.


The mailboxes (N.B. no named groups) in the From field are used for replies
(in the absence of a Reply-To field).  So a hypothetical From field with
no mailbox is unworkable in the absence of a Reply-To field, and is
pointless in the presence of a Reply-To field.

On the contrary, it is not at all unworkable in News and mailing lists. It
simply encourages people to reply to the group/mailing list rather than to
the poster, which is actually not such a bad thing.


but I think I would prefer to make people use
something ugly like the ".invalid" thing just to prevent it from becoming
a thing that everybody did as a matter of course

What exactly do you think people who are now inclined to use bogus
mailboxes in From fields will do?
a) ignore your recommendation (in which case it is pointless)
b) use effective and valid mailboxes (in which case why not simply require that)
c) inappropriately use .invalid just because you say so, causing massive
  problems for gateway implementors

a) leads to unnecessary DNS traffic. Moreover, people trying to mail to
the bad address usually get no immediate warning - just a bounce sometime
later.
b) is not going to happen, whatever we say.

which leaves c) as the best of a bad bunch.

It seems to me that the likely outcomes would be a and/or c, and it is
clear that you have not considered the implications for gateway
implementation.

And I doubt many current gateway implementors are even aware of the eevil
thing they are doing.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk
Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
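
Added example, not part of the original message or of any gateway's code: a sketch of how a news-to-mail gateway could triage From mailboxes so that a domain ending in a top-level name reserved by RFC 2606 (such as ".invalid") is rejected for replies with no DNS query, while the display name is kept. The function names and sample addresses are assumptions, constructed from the two From lines quoted in the message.

```python
from email.utils import getaddresses

# Top-level names reserved by RFC 2606; ".invalid" is the one the thread discusses.
RESERVED_TLDS = {"invalid", "test", "example", "localhost"}


def classify_mailbox(addr_spec):
    """Return 'malformed', 'reserved' (rejectable with no DNS query) or 'needs-dns'."""
    local, sep, domain = addr_spec.rpartition("@")
    if not sep or not local or not domain:
        return "malformed"
    labels = domain.rstrip(".").lower().split(".")
    if any(label == "" for label in labels):
        return "malformed"
    if labels[-1] in RESERVED_TLDS:
        return "reserved"
    # Only a resolver can tell whether this domain exists (hypothetical next step).
    return "needs-dns"


def triage_from(header_value):
    """Classify every mailbox in a From field value, keeping display names."""
    result = []
    for name, addr in getaddresses([header_value]):
        result.append({"name": name, "addr": addr, "class": classify_mailbox(addr)})
    return result


def replyable(header_value):
    """Mailboxes a gateway could still hand to DNS/SMTP for replies."""
    return [m["addr"] for m in triage_from(header_value) if m["class"] == "needs-dns"]


# Constructed sample values modelled on the From lines in the message.
SAMPLES = [
    "Joe Doe <jdoe@REMOVE-THIS.foo.com>",
    "Joe Doe <jdoe@REMOVE-THIS.foo.com.invalid>",
]

if __name__ == "__main__":
    for value in SAMPLES:
        for entry in triage_from(value):
            print(entry["name"], entry["addr"], entry["class"])
```
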