At 3:21 PM +1000 2003/10/01, Brett Watson wrote:
3. "Pull" is a perfect match for "greylisting". In a push-based system, the
recipient must temporarily refuse the message until the timeout period has
passed. In the case of a pull-based system, the recipient merely delays the
pull attempt until such time as it is ready. In a pull-based system, the
timing of the message fetch is primarily under the control of the recipient
(as it should be: refer point 2). All modes of "hit and run" spamming are
diminished in effectiveness by greylisting, and "pull" facilitates
greylisting.
In essence, this would be like asking recipients to go to the
remote post office box for each and every sender, when they wanted to
pick up mail. On the Internet, this isn't as bad as it would be in
the real world, but it would still be exceptionally painful.
Moreover, while envelope-based filtering would be made easier, body
content filtering would still require obtaining the message body and
then looking at it.
Until you can provide mechanisms that have strong cryptographic
authentication that securely tie in a particular notice to a
particular message body, and you can ensure that it is physically
impossible for someone to accidentally or intentionally swap message
bodies, I don't see where you can get this mechanism to work.
There's a reason why the envelope is delivered along with the
message body, even if the entire envelope is a forgery (beyond the
source and recipient addresses). For MTAs that split the envelope
from the message body, they have to deal with a two-phase commit
problem to keep the two in sync. That makes the problem
significantly more difficult to deal with.
Now you're talking about not only splitting the envelope and body
into two separate files, but into two completely separate
transactions.
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg