ietf-asrg
[Top] [All Lists]

[Asrg] Re: 6. Proposals - Pull System (revisited)

2003-11-30 02:07:35
At 12:16 PM +0000 11/29/03, Jon Kyme wrote:
What exactly is the specific failing of SMTP which is addressed by pull
systems?

Have I missed something?


SMTP for RFC822-format mail is essentially the only 'push' system in 
wide use on the net where data is sent to individual end users 
without requiring their prior consent. Yet for historical reasons, it 
operates on a source-trusted model. Traditionally, none of the source 
identification data in RFC822 mail or used in SMTP are authenticated 
in any way, but rather they are accepted no matter what they are. In 
the case of the HELO argument it is even unwise to do basic sanity 
checks because  misuse is so widespread among legitimate senders: 
unless the sending side claims an unambiguous identity which the 
receiving system knows as its own, refusing mail based on a 
validation failure will result in some legitimate mail being 
rejected. Being a push system makes email more subject to spamming 
than 'pull' systems, and the historical ways that Internet email has 
been run without any sort of sender validation have led to even 
non-spam using mechanisms that break any serious attempt at sender 
authentication.



Yes, alright, don't go on... lack of sender validation. OK, now fix sender
validation (see the many proposals to this end). What's wrong with SMTP?





--

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg