-------- Original Message --------
Subject: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)
Date: Sat, 29 Nov 2003 16:35:59 -0500
From: joe <joe_kern_1001(_at_)hotmail(_dot_)com>
To: <asrg-admin(_at_)ietf(_dot_)org>
Pull systems are not convenient as they delay access to mail by a
recipient. Many users are mobile, they access
their email server, download all messages and then sift through them
off-line.
Authenticating senders is a good step forward as it limits the freedom
spammers enjoy today. So its certainly a way to go. Its by no means a
solution to the problem.
Joe
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On
Behalf Of Bill
Cole
Sent: Saturday, November 29, 2003 3:02 PM
To: ASRG
Subject: [Asrg] Re: 6. Proposals - Pull System (revisited)
At 12:16 PM +0000 11/29/03, Jon Kyme wrote:
What exactly is the specific failing of SMTP which is addressed by pull
systems?
Have I missed something?
SMTP for RFC822-format mail is essentially the only 'push' system in
wide use on the net where data is sent to individual end users
without requiring their prior consent. Yet for historical reasons, it
operates on a source-trusted model. Traditionally, none of the source
identification data in RFC822 mail or used in SMTP are authenticated
in any way, but rather they are accepted no matter what they are. In
the case of the HELO argument it is even unwise to do basic sanity
checks because misuse is so widespread among legitimate senders:
unless the sending side claims an unambiguous identity which the
receiving system knows as its own, refusing mail based on a
validation failure will result in some legitimate mail being
rejected. Being a push system makes email more subject to spamming
than 'pull' systems, and the historical ways that Internet email has
been run without any sort of sender validation have led to even
non-spam using mechanisms that break any serious attempt at sender
authentication.
Pull systems have a reduced need for sender authentication because
the recipient is asking the sender directly for the content. This is
why systems like the web almost never authenticate content providers,
only doing do when the data being received has some significant
intrinsic value. Note that I do NOT consider the one model proposed
here for a new variation on SMTP to be accurately called a 'pull'
system because it involves pushed unsolicited notices of availability
of pullable messages, and in the end that's just as many pointers to
spam as we currently have spam. A true 'pull' system for bulk
messaging could do for spam what the web did for gopher. If the only
reason a bulk sender would chose SMTP is to support unsolicited
messaging, the problem of filtering essentially all spam without
filtering out non-spam becomes a whole lot easier.
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Why are both drug addicts and computer aficionados both called
users?" (Clifford Stoll)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg