ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] Re: 6. Proposals - Pull System (revisited)

2003-11-29 13:03:31
from [Bill Cole] [Permanent Link] 
At 12:16 PM +0000 11/29/03, Jon Kyme wrote:

What exactly is the specific failing of SMTP which is addressed by pull
systems?

Have I missed something?
SMTP for RFC822-format mail is essentially the only 'push' system in wide use on the net where data is sent to individual end users without requiring their prior consent. Yet for historical reasons, it operates on a source-trusted model. Traditionally, none of the source identification data in RFC822 mail or used in SMTP are authenticated in any way, but rather they are accepted no matter what they are. In the case of the HELO argument it is even unwise to do basic sanity checks because misuse is so widespread among legitimate senders: unless the sending side claims an unambiguous identity which the receiving system knows as its own, refusing mail based on a validation failure will result in some legitimate mail being rejected. Being a push system makes email more subject to spamming than 'pull' systems, and the historical ways that Internet email has been run without any sort of sender validation have led to even non-spam using mechanisms that break any serious attempt at sender authentication.
Pull systems have a reduced need for sender authentication because the recipient is asking the sender directly for the content. This is why systems like the web almost never authenticate content providers, only doing do when the data being received has some significant intrinsic value. Note that I do NOT consider the one model proposed here for a new variation on SMTP to be accurately called a 'pull' system because it involves pushed unsolicited notices of availability of pullable messages, and in the end that's just as many pointers to spam as we currently have spam. A true 'pull' system for bulk messaging could do for spam what the web did for gopher. If the only reason a bulk sender would chose SMTP is to support unsolicited messaging, the problem of filtering essentially all spam without filtering out non-spam becomes a whole lot easier. 

--
Bill Cole
bill(_at_)scconsult(_dot_)com


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification), Matthew Elvey
Next by Date:  Re: [Asrg] 6. Proposals - Legal - Subject labeling; do-not-spam list; banners, Matthew Elvey
Previous by Thread:  Re: [Asrg] Re: 6. Proposals - Pull System (revisited), Alan DeKok
Next by Thread:  [Asrg] Re: 6. Proposals - Pull System (revisited), Jon Kyme
Indexes:  [Date] [Thread] [Top] [All Lists]