David Nicol wrote:
> Andreas Saurwein wrote:
>> At 18/2/2004 22:26 Wednesday, you wrote:
>>> Comments, please?
>> Only one: Which halfway sane mail administrator has VRFY enabled
>> nowadays?
>> Are you trying to introduce better address harvesting support for
>> ESMTP or what?
>> Sorry, I don't get it.
> the proposed VRFYVIA does not imply VRFY.
> Does LMAP etc. have a response to the "it would facilitate harvesting"
> argument?
> That would apply here too.
There is a key difference between LMAP and your proposal: LMAP only
deals with domains, not individual senders. This is why harvesting would
be a bigger issue with your proposal rather than LMAP.
However, the same exact issue applies with any kind of SMTP-based
challenge response system like Verizon uses. So far we haven't seen any
facts on whether it has facilitated harvesting.
The following presentation might be useful, since it looks like the same
thing as you are trying to do:
http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf
In general, it is a good idea to consider other means of authentication
and identification aside from SMTP. The key question is to decide which
do we care to identify and authenticate: IP address, domain or
individual sender. There is still significant disagreement on that.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Power tends to corrupt, and absolute power corrupts absolutely" (Lord
Acton)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg