On Sun, Jun 08, 2003 at 10:47:00AM -0400, Eric Dean wrote
I'm pretty sure that it's clear we should move forward with proposing
a new RFC2822 header. If a BOF wants to throw an X in front of
it, then so be it. I'll proceed br producing a draft with real
2822-type headers.
However, if someone out there is interested, we could interoperate
in the meantime using X or optional headers as well as with proposed
2822 headers
Has any consideration been given to doing this at the SMTP stage
rather than as part of DATA: ? E.g. an EHLO which tries to negotiate a
set of features, including CHRE:. If the destination MTA says "Yes, I
do CHRE:", then do a "CHRE:" step just after the "RCPT:" step.
Advantages to this include...
1) Spam runs from compromised home machines (Jeem.pv and Guzu) with
forged "From:" addresses don't mailbomb innocent 3rd parties if rejected
at SMTP time.
2) Yes, I realize that the ISP's MTA will have to keep state
information regarding the luser's preferences. However, it comes down
to either a) ISP's server doing it (maybe luser enters pre-emptive
whitelist/blocklist via web interface), or
b) luser administering it on his own MUA (Aunt Ethel or your
parents, yeah sure)
3) Clients can change MUA's, restore backed-up drives, format and
re-install, access email via web interface or laptop or handheld, etc,
etc, without worrying about replicating/propagating a small distributed
database over several client MUA's and devices. An XML structure to
download and upload settings would also be nice for synchronizing
multiple accounts at different ISPs.
4) This would require changes in MTA rather than MUA. The top 10 or
twenty ISP's on the planet probably have 100,000,000 customers. Questions
a) is it going to be easier to implement changes at a couple of
dozen locations (plus multiple redundant MTAs) or a hundred
million locations (multiplied by the number of devices/MUA's the
clients use to access their email) ?
b) as per 2-b) do you expect Aunt Ethel to be competent to download
and install updated MUA's ? Hint, consider how many people use
the default browser/mailer/newsreader that came with their OS.
5) Doing C/R via embedded headers means having to accept the entire
email, because headers are part of DATA:. This uses additional
bandwidth, even if the destination MTA issues a 550.
6) Which is going to to impose more load on an MTA
a) handling an extra stage in the SMTP negotiation
b) accepting the entire email and parsing the entire body looking
for C/R headers
7) What about mailing lists (like this one for instance) that use
b0rken 2-bit defaults where hitting "r" to reply sends a reply not to
the list but to the individual sender ? How difficult is it to insert a
"Reply-To:" header? How are MUAs going to handle Envelope-From. Don't
talk to me about "Return-Path:". Many ISPs don't generate this on
incoming email, many MUAs don't use it, and your Aunt Ethel doesn't know
what it is, let alone the difference between "MAIL FROM:" and "From:".
BTW, for those who despise b0rken mailing-list software, here is the
answer, via procmail. Generate your own "Reply-To:" header...
:0 fhw
* ^X-BeenThere:(_dot_)*asrg(_at_)ietf\(_dot_)org
* !^Reply-To: asrg(_at_)ietf\(_dot_)org
| formail -i "Reply-To: asrg(_at_)ietf(_dot_)org (ASRG list)"
ISP-wide implementations that send challenges via regular email
address some, but not all of the above issues.
--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg