On 2004-02-02 13:50:55 -0500, Alan DeKok wrote:
"Peter J. Holzer" <hjp-asrg(_at_)hjp(_dot_)at> wrote:
a) size of the body
There is the SMTP SIZE extension (RFC 1870), which is in widespread use.
Arg. That's what I get for not reading ~3,5k RFC's.
:-)
If the size extension is made mandatory for clients, many MTAs will have
to be upgraded or replaced. This is not zero impact.
It's a one-time cost to upgrade their systems. They may get this
feature for free, as part of their normal upgrade process. We already
know that *any* changes to SMTP use, implementation, or deployment
already have costs. So I'm less concerned about the deployment costs,
as long as they're small.
No disagreement here. I was only objecting to "zero impact". There will
be costs, not only in money and labour to upgrade the software, but also
in rejected legitimate mails, when some MTAs start to reject messages
without a size estimate while others still haven't implemented it.
I cannot estimate how large that would be: SIZE is already widely, but
not universally deployed.
We already have a voluntary mechanism for the client to disclose
this information.
Which is currently unhelpful... because many "trusted" systems don't
use it. So the information it provides is unreliable, in that it
doesn't help distinguish bad systems from good ones.
As a general principle, most systems could handle spam if they
published a policy for accepting spam (# of messages, size, arrival
rate, bandwidth, etc.), and then the spammers *followed* that policy.
I don't think that's very realistic. Firstly, people want zero spam, and
unlimited "interesting" mails. My users complain if they get a single 1k
spam message per day and they complain if they don't get those 67 40MB
powerpoint presentations that someone sent them in an hour. There just
isn't a correlation between # messages, arrival rate, bandwidth, etc.
and "spam". Secondly, spammers don't admit they send spam, and a single
spammer often masquerades as many senders.
Right not, there's no way for the recipient to publish their policy,
and there are few ways for the originator to publish what they intend
to send.
There's the following draft which is interesting:
http://www.potaroo.net/ietf/ids/draft-shveidel-mediasize-04.txt
Indeed. That may make some impact on worms, etc. (However, MTAs MUST
check the real content-types to make it effective: An executable
masquerading as a 4 second audio-File would otherwise slip through
almost everywhere). It won't have much impact on UCE, which is almost
exclusively text (plain or html).
hp
--
_ | Peter J. Holzer | In this vale
|_|_) | Sysadmin WSR | Of toil and sin
| | | hjp(_at_)hjp(_dot_)at | Your head grows bald
__/ | http://www.hjp.at/ | But not your chin. -- Burma Shave
pgpdbRi7KYO7N.pgp
Description: PGP signature