On Wed, 11 Aug 2010 01:09:57 +0100, John Levine <johnl(_at_)iecc(_dot_)com>
wrote:
> I have to say that this particular proposal is currently no more than
> 1/3 baked, since unless I've missed something, I don't see much effort
> to work out failure and security models. For example:
OK, in the scenarios which follow, "you" is some MLM, and the proposition
is that the MLM might decide to alter the From: header (e.g. by percent
encoding), plus some other useful changes.
> - Who do you accept forwarded messages from? List subscribers? Anyone?
> Subscribers and people who sign up on a forward-me pseudo list?
The MLM (aka "you") makes that decision according to the purpose of his
list. Those factors might well influence whether he changes the From: or
not.
> - If a forwarded message
ITYM one that is forwarded back to the original author via the percent hack
> is rejected or bounces, what do you do? At
> what point should you stop trying to forward?
That is a matter of policy for the MLM to decide. Presumably if it is a
4xx response you keep trying, and if it is a 5xx you pass it back up the
Return Path. That is, more or less, current common practice.
> ... If you get mail to an
> address that you don't forward any more do you reject it? Drop it?
> Something else?
Again that is a matter of policy for the MLM. It would be polite to reject
with some 5xx and/or some explanation up the Return Path. It would be a
kindness to continue to forward it at least for a while.
> - What do you do when someone unsubscribes? When someone bounces off the
> list? When someone changes his subscription address? (Yes, there are
> MLMs that let you do that.)
Policy again. There is no obligation to forward bounces off the list
(indeed an open relay is already considered bad practice). A changed
subscription simply causes the percent hack to be applied to the new
address. For unsubscription, see the previous scenarios.
> - What kind of spam filtering is appropriate for forwarded messages?
> For returning bounces? Should you try to distinguish between real
> bounces and spam to bounce addresses?
Probably best to forward regardless, which gives the same effect as if the
responder had replied directly himself. As a minor benefit, it lets you
discover that your members are sending spam, if you really want to follow
that path. Essentially, your forwarding practice should seek to emulate
the current situation where the responder replies to the original author
directly.
> - Many MUAs collect outgoing addresses into the local address book, so
> people who really have one address will now appear to have N+1 if
> they subscribe to N lists. Is that a problem? Why or why not? If
> it's a problem, what should you do about it?
That is the only point you have raised that might have some merit. It
does not seem like a showstopper to me, but the possibility ought to be
documented as part of the proposal. If the percentified address in the
address book stops working then, according to the answers given above, the
responder will soon get to know about it, exactly the same as when someone
currently changes their address and fails to notify everyone affected.
> That's all that occurs to me in five minutes, but I'm sure that if you
> actually try it, you'll find lots more.
Keep shooting. Maybe you will eventually find your foot :-) .
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html