ietf-mxcomp

RE: Draft Charter milestone sequence

2004-03-17 21:08:46

never mind saves a pile of bandwidth from never having to see the
unauthenticated message at all, and satisfies RFC 2821 7.1, specifically:

The paper in question was wrong.

It completely ignores the fact that criminals are stealing over
a million dollars a week by exploiting said loophole.

We're working to close that very loophole.  I just believe it can be done
without sacrificing the functionality of sending on behalf of another.

Originally I wanted From: (RFC 822/2822)[1] verified alongside MAIL FROM:
(RFC 821/2821) and matched.  Reply-To: (RFC 822/2822) could serve the purpose
of being able to send on behalf of another entity.  Unfortunately, to do that
requires receiving the entire message first and I believed saving the
bandwidth was more important than matching the RFC 2822 headers to the RFC
2821 envelope.

It happens that by not matching these, we happen to avoid removing what many
(in my opinion) consider still useful functionality, not to mention avoid a
pile of real world censorship/content-filtering problems.

However, like any other functionality consistently abused, it will be taken
away.  The moment I start seeing MAIL FROM:<paypalspoofer(_at_)aol(_dot_)com>
sending From: service(_at_)paypal(_dot_)com under an envelope-only
verification system, I'll start matching headers to envelopes and bouncing
mail.  Baby steps, though.  This is still new (well, newer than SMTP).

[1] This is an attempt to cite the language I'm using so I'm clear on the
meanings.

-- 
PGP key (0x0AFA039E): 
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key?  See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4> 
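
The envelope-versus-header comparison discussed in the message above, as an added example that is not part of the original post or of any draft it refers to. The function names, the verdict strings, the exact-domain-equality rule and the `.example` sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(address):
    """Lowercased domain of an address; '' when there is none (MAIL FROM:<>)."""
    mailbox = parseaddr(address)[1]   # ignores any display name
    return mailbox.rpartition("@")[2].lower() if "@" in mailbox else ""

def check_alignment(mail_from, raw_message):
    """Compare the envelope sender (RFC 2821) with the From: header (RFC 2822).

    The header half can only run once DATA has been received, which is the
    bandwidth cost the post weighs against envelope-only verification.
    """
    msg = message_from_string(raw_message)
    envelope = domain_of(mail_from)
    header = domain_of(msg.get("From", ""))
    reply_to = domain_of(msg.get("Reply-To", ""))
    if not envelope:
        return "null-sender"          # bounces: no envelope domain to compare
    if not header:
        return "no-from-header"
    if envelope != header:
        return "mismatch"             # assumed policy: exact domain equality
    if reply_to and reply_to != header:
        return "aligned-on-behalf"    # replies directed to another entity
    return "aligned"

# Constructed sample messages (not taken from the post).
SPOOF = "From: service@bank.example\nSubject: Verify your account\n\nbody\n"
ON_BEHALF = ("From: newsletter@sender.example\n"
             "Reply-To: editor@client.example\n"
             "Subject: March issue\n\nbody\n")
PLAIN = "From: alice@sender.example\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    for sender, message in [("<spoofer@isp.example>", SPOOF),
                            ("<bounce@sender.example>", ON_BEHALF),
                            ("<alice@sender.example>", PLAIN),
                            ("<>", PLAIN)]:
        print(sender, "->", check_alignment(sender, message))
```

The comparison uses only the address inside the angle brackets, so a display name that merely looks like another address is not caught by it.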

