ietf-asrg

Re: [Asrg] 6. Proposals - A Brief Defence of "Pull"

2003-10-01 01:33:52
At 3:21 PM +1000 2003/10/01, Brett Watson wrote:

> 3. "Pull" is a perfect match for "greylisting". In a push-based system, the
> recipient must temporarily refuse the message until the timeout period has
> passed. In the case of a pull-based system, the recipient merely delays the
> pull attempt until such time as it is ready. In a pull-based system, the
> timing of the message fetch is primarily under the control of the recipient
> (as it should be: refer point 2). All modes of "hit and run" spamming are
> diminished in effectiveness by greylisting, and "pull" facilitates
> greylisting.

In essence, this would be like asking recipients to go to the remote post office box for each and every sender, when they wanted to pick up mail. On the Internet, this isn't as bad as it would be in the real world, but it would still be exceptionally painful. Moreover, while envelope-based filtering would be made easier, body content filtering would still require obtaining the message body and then looking at it.

Until you can provide mechanisms that have strong cryptographic authentication that securely tie in a particular notice to a particular message body, and you can ensure that it is physically impossible for someone to accidentally or intentionally swap message bodies, I don't see where you can get this mechanism to work.


There's a reason why the envelope is delivered along with the message body, even if the entire envelope is a forgery (beyond the source and recipient addresses). For MTAs that split the envelope from the message body, they have to deal with a two-phase commit problem to keep the two in sync. That makes the problem significantly more difficult to deal with.

Now you're talking about not only splitting the envelope and body into two separate files, but into two completely separate transactions.

--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
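
The binding the reply above asks for, between a pushed notice and the body that is later pulled, sketched as an added example that is not part of the original message or of any proposal in the thread. The field names, the key and the sample addresses are assumptions, and an HMAC with a pre-shared key stands in for the public-key signature a real design would need.

```python
import hashlib
import hmac
import json

# Assumption: constructed demo key shared out of band by sender and recipient.
KEY = b"constructed-demo-key"


def _tag(key, fields):
    # Authenticate a canonical encoding of every notice field except the tag.
    signed = {k: v for k, v in fields.items() if k != "tag"}
    blob = json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def make_notice(key, sender, rcpt, msg_id, body):
    """Sender side: the small notice that is pushed ahead of the body."""
    fields = {
        "sender": sender,
        "rcpt": rcpt,
        "msg_id": msg_id,
        # The body digest is inside the authenticated data, so the notice
        # names exactly one body.
        "body_sha256": hashlib.sha256(body).hexdigest(),
    }
    fields["tag"] = _tag(key, fields)
    return fields


def verify_pulled_body(key, notice, body):
    """Recipient side: accept a pulled body only if the notice names it."""
    if not hmac.compare_digest(notice.get("tag", ""), _tag(key, notice)):
        return "reject: notice not authentic"
    digest = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(notice["body_sha256"], digest):
        return "reject: body does not match notice"
    return "accept"


if __name__ == "__main__":
    # Constructed sample message.
    body = b"Subject: lunch\r\n\r\nNoon on Friday?\r\n"
    notice = make_notice(KEY, "alice@example.org", "bob@example.net",
                         "<1@example.org>", body)
    print(verify_pulled_body(KEY, notice, body))
    print(verify_pulled_body(KEY, notice, b"Subject: lunch\r\n\r\nBuy now!\r\n"))
```

The check catches a swapped body at pull time; it does nothing for the two-phase commit problem on the sending side, where notice and body still have to be stored and expired together.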