At 12:16 PM +0000 11/29/03, Jon Kyme wrote:
What exactly is the specific failing of SMTP which is addressed by pull
systems?
Have I missed something?
SMTP for RFC822-format mail is essentially the only 'push' system in
wide use on the net where data is sent to individual end users
without requiring their prior consent. Yet for historical reasons, it
operates on a source-trusted model. Traditionally, none of the source
identification data in RFC822 mail or used in SMTP are authenticated
in any way, but rather they are accepted no matter what they are. In
the case of the HELO argument it is even unwise to do basic sanity
checks because misuse is so widespread among legitimate senders:
unless the sending side claims an unambiguous identity which the
receiving system knows as its own, refusing mail based on a
validation failure will result in some legitimate mail being
rejected. Being a push system makes email more subject to spamming
than 'pull' systems, and the historical ways that Internet email has
been run without any sort of sender validation have led to even
non-spam using mechanisms that break any serious attempt at sender
authentication.
Yes, alright, don't go on... lack of sender validation. OK, now fix sender
validation (see the many proposals to this end). What's wrong with SMTP?
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg