ietf-asrg

Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)

2003-12-01 04:15:29

----- Original Message ----- 
From: "Bart Schaefer" <schaefer(_at_)brasslantern(_dot_)com>
}
} I don't see how the presence of MXes matters.

Hector's caller-ID proposal determines the validity of an address coming
from MTA1 by initiating a new SMTP transaction with the corresponding MX,
in this case MX1.  We wouldn't be having this discussion at all if the
presence of MX1 were not required.

But it is only used because the user provided his address as MX1.

} Are you maintaining that what's in the MAIL FROM need not be a valid
} reply address?

I am maintaining that a separate SMTP transaction among MX2 and MX1 is
not a reliable test of whether what's in MTA1's MAIL FROM is a valid
reply address, because the existing protocol definition cannot require
that it be a reliable test.

The existing protocol most certainly defines that it is a reliable test -
WHEN USED by COMPLIANT systems.  When it is used by non-compliant systems,
then you will be blocked with ESMTP VERSION 9.0!

If that means the MAIL FROM is not a valid reply address, then yes, I
am asserting that nothing I've yet seen quoted from RFC2821 requires
that what's in the MAIL FROM need be a valid address to which MX2 can
reply.  I further assert that if 2821 did require that, it would then
prohibit those edge cases that you've previously dismissed; which edge
cases it manifestly does not prohibit.

Your assertion is based on validity of non-compliant usage which is EXACTLY
what we are trying to block!

My assertion is that 80% of the spamming problem is SOLVED by conforming
to the specs.

The RFCs clearly indicate that the Return-Path: is a REQUIREMENT which
comes from a required MAIL-FROM:  with the presumption that it is a RELIABLE
return path.

But that also doesn't mean that it may not be VALID.

In COMPLIANT systems, it will be.

In SPOOF systems, it will not.

What is so hard to understand about that?

---
Hector Santos, CTO
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


