ietf-asrg

Re: Bounces, was Re: [Asrg] Sender pays vs Forgeries

2003-03-20 18:50:12
On Thu, Mar 20, 2003 at 03:08:11PM -0600, David Walker wrote:
> I don't understand why mail servers treat bounces as regular messages.
> I believe that your mail server should encapsulate a bounce message in a
> generic "here is a mail error" report.

It's for historical reasons, the main reason being that the protocols
assume that email failures are always complicated or unusual or at a
high enough layer that they warrant the attention of a human. There
is no accommodation in the standards for a denial-of-service attack on
this back-channel.

There *are* better bounce standards, but they are not widely-enough
implemented and still leave something to be desired. For example, RFC
3461 really MUST be implemented everywhere to maintain the viability
of bounces, but it does not allow you to sensibly verify a legitimate
bounce at SMTP time because the ENVID parameter is copied into the 2822
headers of the bounce and isn't exposed to the 2821 level -- you can't
reject a forged bounce until after CRLF.CRLF. It also only records the
original and final recipients of a message, not the intermediate aliases,
which reduces its effectiveness at improving email's debuggability.

Note that verifying legitimate bounces implies that the MXs for a
domain know the ENVID of all MAIL FROM that domain, which implies the
death of asymmetrical email routing (but I think we all agree that
that needs to die anyway).

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
SOUTHEAST SHANNON: SOUTHERLY 4 OR 5. FAIR. GOOD.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
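The following is an added example, not code from Tony Finch's post or from any MTA, showing the gap the post describes: an outbound MTA mints an ENVID per RFC 3461 and records it, the receiving MX can decide nothing about a bounce at RCPT time because the envelope of a DSN carries no ENVID, and only after DATA can it parse the RFC 3464 message/delivery-status part and match Original-Envelope-Id against what it issued. The shared store, the host and mailbox names, and the sample bounce text are constructed for illustration; the recipient cross-check against Original-Recipient is this example's own addition.

```python
"""ENVID bookkeeping on the sending side and post-DATA verification of DSNs.

Added example, not code from the original thread. The store, the sample
DSN text and all host/address names are constructed for illustration.
"""
from __future__ import annotations

import email
import secrets
import time
from email.message import Message
from typing import Optional

# One record per outbound MAIL FROM that carried ENVID=. A bounce can land
# on any MX for the sending domain, so every MX needs to read this store:
# the shared state that, as the post says, rules out asymmetric routing.
# In-memory here; a real MTA would persist and expire it.
ISSUED_ENVIDS: dict[str, dict] = {}


def issue_envid(mail_from: str, rcpt_to: str) -> str:
    """Mint an ENVID for one outbound delivery and remember who it was for.

    Lowercase hex is already valid RFC 3461 xtext, so no '+XX' escaping is
    needed when the token goes on the MAIL command.
    """
    envid = secrets.token_hex(16)
    ISSUED_ENVIDS[envid] = {"mail_from": mail_from, "rcpt_to": rcpt_to,
                            "issued_at": time.time()}
    return envid


def outbound_mail_command(mail_from: str, envid: str) -> str:
    """The MAIL command the sender issues to request DSNs tagged with our ENVID."""
    return f"MAIL FROM:<{mail_from}> RET=HDRS ENVID={envid}"


def envelope_verdict(reverse_path: str) -> Optional[bool]:
    """What an MX can decide about an inbound message before DATA.

    A DSN arrives with an empty reverse path (MAIL FROM:<>). Nothing at the
    2821 level carries the ENVID, so for a bounce the only honest answer at
    RCPT time is None: the whole message has to be taken first.
    """
    if reverse_path != "":
        return True   # ordinary mail; ENVID checking does not apply
    return None       # bounce; undecidable until after CRLF.CRLF


def verify_dsn(raw_dsn: str) -> tuple[bool, str]:
    """Post-DATA check: accept a bounce only if it reports an ENVID we issued.

    Returns (accept, reason). This is the earliest point at which a forged
    bounce can be told apart from a genuine one.
    """
    msg = email.message_from_string(raw_dsn)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return False, "not a multipart/report; report-type=delivery-status message"

    # The email parser represents message/delivery-status as a list of header
    # blocks: the first is per-message, the remaining ones are per-recipient.
    blocks: list[Message] = []
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            blocks = part.get_payload()
            break
    if not blocks:
        return False, "no message/delivery-status part"

    per_message, per_recipient = blocks[0], blocks[1:]
    envid = (per_message.get("Original-Envelope-Id") or "").strip()
    record = ISSUED_ENVIDS.get(envid)
    if record is None:
        return False, f"Original-Envelope-Id {envid!r} was never issued here"

    # A known ENVID proves we sent *some* message. Tie the bounce to the
    # recipient we addressed as well, so a captured ENVID cannot be replayed
    # against other addresses. Prefer Original-Recipient: Final-Recipient can
    # legitimately differ when the far side aliased or forwarded the mail, and
    # the DSN records nothing about the hops in between.
    for block in per_recipient:
        field = block.get("Original-Recipient") or block.get("Final-Recipient") or ""
        addr = field.split(";", 1)[-1].strip().lower()
        if addr != record["rcpt_to"].lower():
            return False, f"recipient {addr!r} does not match the ENVID's RCPT TO"
    return True, f"genuine DSN for message to {record['rcpt_to']}"


def build_sample_dsn(envid: str, recipient: str) -> str:
    """Constructed RFC 3464 bounce as a remote MX might return it (not captured)."""
    return (
        "From: Mail Delivery System <MAILER-DAEMON@mx.example.net>\n"
        "To: alice@example.org\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="dsn-b"\n'
        "\n--dsn-b\n"
        "Content-Type: text/plain; charset=us-ascii\n"
        "\nThis is the mail system at host mx.example.net. Delivery failed.\n"
        "\n--dsn-b\n"
        "Content-Type: message/delivery-status\n"
        "\nReporting-MTA: dns; mx.example.net\n"
        f"Original-Envelope-Id: {envid}\n"
        f"\nFinal-Recipient: rfc822; {recipient}\n"
        f"Original-Recipient: rfc822; {recipient}\n"
        "Action: failed\nStatus: 5.1.1\n"
        "\n--dsn-b--\n"
    )


if __name__ == "__main__":
    eid = issue_envid("alice@example.org", "bob@example.net")
    print(outbound_mail_command("alice@example.org", eid))
    print("at RCPT time:", envelope_verdict(""))
    print("genuine:", verify_dsn(build_sample_dsn(eid, "bob@example.net")))
    print("forged: ", verify_dsn(build_sample_dsn("0" * 32, "bob@example.net")))
```

The two verdict functions make the post's point concrete: `envelope_verdict` has nothing to work with for a bounce, and every forged DSN is rejected only in `verify_dsn`, after the sender has paid the bandwidth to receive it in full. The recipient check is stricter than RFC 3464 requires and will reject DSNs from reporting MTAs that omit Original-Recipient for forwarded mail, so a deployment may want to treat that mismatch as a soft signal.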