ietf-asrg

Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)

2003-11-30 02:29:28

----- Original Message ----- 

What I would like to narrow down is what purpose does this proposal
address? What exact forgery does it solve?

Valid Return Path.

The RFC says that all mail must be returnable (except for NULL address).


Ok, I believe we have narrowed it down :) Thanks for bearing with us
folks :)

So what we are addressing is the valid return path. The current
standards allow for invalid return addresses, which is one of the
root problems that led to spam. This has a side-effect of allowing
anonymous email (which can still survive if the anonymous email server
uses its own email address for MAIL FROM). That I believe is our point
of contention, and I would be more than happy to see the exact section
which requires all mail to be returnable.

See RFC 2821 section 6, second paragraph:

   "If there is a delivery failure after acceptance of a message, the
   receiver-SMTP MUST formulate and mail a notification message.  This
   notification MUST be sent using a null ("<>") reverse path in the
   envelope.  The recipient of this notification MUST be the address
   from the envelope return path (or the Return-Path: line). "

That's pretty straightforward to me.

If a return path MUST be available for delivery of failure notifications,
then it can only be accomplished with a valid return path.   Therefore, it is
only logical that a valid return path is provided in the first place in the
event a delivery failure notification is required.

Incidentally, section 7.1 last paragraph is obsolete and inconsistent with
the rest of the specs. Needs to be moved if you wish to move on with your
efforts.

  "This specification does not further address the authentication issues
   associated with SMTP other than to advocate that useful functionality
   not be disabled in the hope of providing some small margin of
   protection against an ignorant user who is trying to fake mail."

Obviously, "small margin" is now LARGE and "an ignorant user" is now "an
ignorant industry"

<G>
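
The rule quoted above from RFC 2821 section 6, as an added example that is not part of the original message: the notification goes out with a null reverse path and is addressed to whatever the envelope return path says, so it only reaches the sender when that path is valid. The function names, the `MAILER-DAEMON` sender and the `example.*` addresses are assumptions made for illustration, and suppressing the notification for a null reverse path follows the "except for NULL address" remark in the thread.

```python
import re
from email.message import EmailMessage

# Accepts "MAIL FROM:<path>" with optional ESMTP parameters after the path.
MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^<>]*)>(?:\s+.*)?$", re.IGNORECASE)


def reverse_path(mail_from_line):
    """Extract the envelope return path from a MAIL FROM command line."""
    m = MAIL_FROM.match(mail_from_line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command: %r" % mail_from_line)
    return m.group(1)  # "" means the null reverse path "<>"


def failure_notification(mail_from_line, failed_rcpt, reporting_host):
    """Build the envelope and message for a delivery failure notification.

    Returns None when the original message carried a null reverse path:
    there is no address to notify, and answering a notification with
    another notification would loop.
    """
    path = reverse_path(mail_from_line)
    if path == "":
        return None

    msg = EmailMessage()
    msg["From"] = "MAILER-DAEMON@" + reporting_host  # hypothetical sender name
    msg["To"] = path
    msg["Subject"] = "Delivery failure"
    msg.set_content("Delivery to <%s> failed after acceptance." % failed_rcpt)

    return {
        "mail_from": "<>",            # notification uses the null reverse path
        "rcpt_to": "<%s>" % path,     # recipient is the envelope return path
        "message": msg,
    }


if __name__ == "__main__":
    # Constructed sample envelope, not taken from any real mail log.
    note = failure_notification(
        "MAIL FROM:<alice@example.org> SIZE=2048",
        "bob@example.net",
        "mx.example.net",
    )
    print("MAIL FROM:" + note["mail_from"])
    print("RCPT TO:" + note["rcpt_to"])
```

The receiver has no other address to use: if the return path names a mailbox that does not exist or belongs to someone who never sent the message, the notification still goes there.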




