From: Jim Youll <jim(_at_)media(_dot_)mit(_dot_)edu>
An important but not hard part of the job is letting people at the
source of the message diagnose the problem. People who've spent years
trying to guess why a distant machine run by idiots who can't look at
their own logs or do their own tests is intermittently rejecting mail
have more sympathy for the current, ad hoc, brute force, bandwidth
wasting, theoretically spammer exploitable scheme.
Message body has nothing to do with this.
As written, that is wrong, particularly in this age of body filters.
You're right that the body need not come from the remote system to
aid diagnosis. Still, your new DSN format must make it completely
clear and unambiguous where the body fits in the transaction log.
Or your DSN system must recognize messages where any bounce should
include the message.
The hard part is getting a few 1,000,000 SMTP servers to install your
MTA patches and a few 100,000,000 people to install your new MUAs,
and to deal with the transition.
That is not necessary. Just change the default behavior of sendmail
and when the next root exploit is found and everybody is forced to upgrade
within 24 hours, it'll be largely deployed.
That's a leisurely deployment schedule, since the last root exploit
of sendmail before the recent pair was six years ago.
(see http://search.cert.org/query.html?col=certadv&qt=sendmail )
Your "24 hours" won't be half over for at least six months. Check
the Recived headers from this mailing list. You'll find some contributors
are running 8.9.1a/8.9.1a. Even odin is running 8.11.6/8.11.6
...
It seems the point on which we disagree is whether there is some
merit to regenerating entire new messages that contain full message
bodies.
I believe there is not, in most if not all cases, a compelling argument
for continuing the practice of sending back entire messages at the
application level.
When you're dealing with errors, hand waving doesn't justify not providing
sufficent information to deal with a significant minority of cases.
Seriously, really, how common is the scenario you describe, and by what
other means would the correspondents have already solved the problem out
of band?
The number of messages that are _not delivered_, and _not discernable by
the sender_ looking at everything but the body... this can't possibly be
a significant fraction of all e-mail.
My unsupported claim is that this scenario is vastly more common than
spam disguised as bounces. I bet it's more common that bogus bounces
resulting from forged spam headers. As others have pointed out, most
users don't understand, and more important, don't care much about how
email works.
And yes, I agree that that users most commonly discard bounces unread.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg