
Re: [Asrg] Re: 03.1 Re: Forgery in SMTP (applying flame retardant)

2003-12-28 16:38:16
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org> wrote:
I was trying to say that Alan should not be held responsible for the
misdeeds of others.

  When someone steals my credit card information, I'm held responsible
until I can demonstrate it wasn't me.  If a particular store has a
large number of fraudulent transactions, then the credit card company
can impose additional restrictions on them, or take away their card
access entirely.

  No such system of accountability exists in SMTP.  Any such system we
create will be forever limited due to the large numbers of people who
refuse to accept such accountability.

  The point I was trying to make was that SMTP allows almost any text
(excepting .\n\n) in the raw DATA: body.  The DATA: body includes the
"From:" header.  Most MUAs don't know about envelope-sender, and many
ISPs omit envelope-sender in the email as delivered to the end-user's
POP account.  The only thing that the recipient can know for certain
(assuming they can parse headers) is the final external IP address that
handed the email to their ISP.

  Which is why some of the proposals involve audit trails.  Hop by hop
authentication/accountability of SMTP messages is very problematic.

  Alan DeKok.
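
Added example, not part of the original message: a Python sketch of what a recipient can actually recover from a delivered message, namely the header From: (free text inside DATA), the envelope sender if the ISP recorded it as Return-Path, and the IP address that handed the mail to the ISP. The host names, addresses and the trusted_mx / internal_ips parameters are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a message as stored in a POP mailbox (all hosts made up).
SAMPLE = """\
Return-Path: <bulk@sender.example>
Received: from relay.example.net (relay.example.net [192.0.2.25])
\tby mx.isp.example with ESMTP id A1; Sun, 28 Dec 2003 16:00:02 -0500
Received: from bank.example (unknown [10.1.2.3])
\tby relay.example.net with SMTP id Z9; Sun, 28 Dec 2003 16:00:00 -0500
From: "Your Bank" <support@bank.example>
To: user@isp.example
Subject: test

body
"""

# "from <helo> (<rdns> [<ip>]) ... by <host>" as written by common MTAs.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\([^\[\]]*\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def analyze(raw, trusted_mx, internal_ips=frozenset()):
    """trusted_mx: host names of the recipient ISP's own servers (assumed known).
    internal_ips: addresses of that ISP's own relays (assumed known)."""
    msg = message_from_string(raw)
    header_from = parseaddr(msg.get("From", ""))[1]   # sender-chosen text
    rp = msg.get("Return-Path")                        # absent at many ISPs
    envelope = parseaddr(rp)[1] if rp else None
    handoff_ip = None
    # Received lines are prepended, so the newest (ISP-written) ones come first.
    for rcvd in msg.get_all("Received", []):
        m = RECEIVED_RE.search(rcvd)
        if not m or m.group(3).lower() not in trusted_mx:
            break          # from here down it is unverified text from DATA
        if m.group(2) not in internal_ips:
            handoff_ip = m.group(2)   # external peer seen by the ISP itself
            break
    return {"header_from": header_from,
            "envelope_sender": envelope,
            "handoff_ip": handoff_ip}

if __name__ == "__main__":
    print(analyze(SAMPLE, {"mx.isp.example"}))
```

The second Received line in the sample is never consulted: it was written by a host outside the ISP and is no more trustworthy than the From: header.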
