ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Taking a step back (Was: Proxy your address)

2003-03-13 14:20:00
from [Valdis . Kletnieks] [Permanent Link] 
On Thu, 13 Mar 2003 15:03:58 EST, Jason Hihn said:


Note: This should be considered different from a simple RCPT-TO check. While
easily implemented as such, it can be used to validate an address (violating
#0) IMHO RCPT-TO should not ever return an error until after the socket is
closed. Then when it goes to return an unknown mailbox error, it ends up
doing a verify of the From address. This does several things. 1) It will
prevent unnecessary error messages being sent back to a no-good address. 2)
It will slow/prevent address receiver verification.


So.. instead of giving them a '550 Piss Off' right then and there, you
go to all the effort of queueing it to disk and verifying the From:
afterwards, and then finding out that you can't double-bounce.  Really
bad if you're being spammed by 100K things in a dictionary attack...

And this is a messy situation - you have to be able to distinguish between
double-bounces that should go to the postmaster because there's a real
problem, and spammer double bounces.  Silently dropping all double
bounces is a bad idea...


verifies your email address before it sends out the image. Can we come up
with a standard that requires all images (any binary content really) to be
embedded? My preferred email client has a check box to "not load remote
images in mail", which works for me, but I fret over people whose clients
aren't so careful.


Let's note a few things:

1) This is (as you noted) really an MUA issue.

2) There's often legitimate uses for it.  If you're at the end of a slow
link, you may very well want to download your mail w/o images, and then
select 'load images' for certain pieces of mail and not others.

3) The same spammers that don't follow RFC822 won't follow your proposed
standard either.

4) Identify the major software vendors who have issues in this area, and ask
whether they're likely to implement such a standard.

5) Making it a standard won't make people upgrade.  Only user education or
forcing an upgrade on them will do that.

Attachment: pgpOWGr26cea9.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Taking a step back (Was: Proxy your address), Kee Hinckley
Next by Date:  RE: [Asrg] Taking a step back (Was: Proxy your address), Jason Hihn
Previous by Thread:  Re: [Asrg] Taking a step back (Was: Proxy your address), Kee Hinckley
Next by Thread:  RE: [Asrg] Taking a step back (Was: Proxy your address), Jason Hihn
Indexes:  [Date] [Thread] [Top] [All Lists]