It occurred to me that just pointing out the obvious that netnews is no
more of a "pull" protocol than Internet mail isn't sufficient for those
who don't read RFCs or C and don't configure or run SMTP or NNTP servers.
RFC 977 describes the important part of NNTP. Messages can be moved
from an NNTP server to an NNTP client using two different mechanisms.
One is "an interactive mechanism" based on the NEWNEWS and ARTICLE
commands. The NEWNEWS command causes the server to send a list of
articles and the ARTICLE command requests that the server send individual
articles. In a sense that is inconsistent with the way the word has
been used in this mailing list, this is a "pull" protocol. It is
inconsistent because no authenticating, checking, or filtering is done
other than by article-ID before the entire article is transferred.
The NEWNEWS comamnd produces only a list of article-IDs and the ARTICLE
command tells the server to emit an article by its ID. The NEWNEWS
and ARTICLE commands can be used to move articles among servers, but
as far as I can tell, generally are not.
News is more commonly moved among servers using the IHAVE command.
A news system accumulates lists of file names containing articles that
need to be sent to its peers. When there are enough articles or enough
time has passed, the NNTP client contacts a peer NNTP server and uses
the IHAVE command very much like an SMTP envelope to offer an article.
The NNTP server either rejects the article with 435/436/437 much as
an SMTP server says 4yz or 5yz to the SMTP envelope or the NNTP responds
by saying 335/235 much as an SMTP server responsds to an SMTP envelope
with "250 ok."
Never mind elaborations and optimizations such as SMTP ETRN and
persistent/"cached" SMTP or NNTP connections.
Also skip kludges and hacks in such as "slurp" where an NNTP host
pretends to be a newsreading program to move bulk news. These are
commonly used to violate terms of service that allow news reading and
posting by humans but not news serving by computers or to avoid the
greater hassles and security worries of configuring an NNTP peering.
Please do note that SMTP pipelining makes SMTP look even more
like NNTP IHAVE/sendme running at speed.
It is a relevant educational exercise to imagine how one might control
netnews spam given the nature of the overall system, and then to see
what tactics are now working and what never worked or stopped working.
(I do not intend to suggest that the effective netnews spam defenses
are directly applicable to email spam.)
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg