ietf-mxcomp

Re: User experience

2004-04-07 10:58:38


----- Original Message ----- 
From: "Harry Katz" <hkatz(_at_)exchange(_dot_)microsoft(_dot_)com>
To: "John Gardiner Myers" <jgmyers(_at_)proofpoint(_dot_)com>; 
<ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Wednesday, April 07, 2004 12:43 PM
Subject: RE: User experience


HKATZ:  It is perfectly possible to reject a message at the end of DATA
and not generate a bounce message, exactly the same way you can reject
after MAIL FROM and not generate a bounce.  Rejecting at end of DATA has
the benefit of allowing the MTA to examine the 2822 headers to make a
more accurate determination of the identity responsible for sending the
message.

Hi Harry,

What your MCEP (Microsoft's Caller ID Email Policy) design is screaming for
is a split of the DATA command into two parts, HEAD plus BODY.   I think
Microsoft needs to consider very strongly the power it has over deployment.
Yes, people will follow, just as we always have.  But at the same time,
"sound technical logic" must prevail.   Focusing on RFC 2822 as an
enforcement policy will create a system and network bandwidth problem with
the current SMTP model.

I'm still waiting to see someone write a draft ESMTP to prepare this
HEAD/BODY concept, which will have so many other benefits other than this
narrow scope.  For example, we would be able to satisfy the "Topic
identification" CAN-SPAM mandate as well.

In any case,  when the design of the end points is under your control, this
is a very valid consideration. It's very easy to see.  However, consideration
for the middleware is independent and transparent to the end points.  It
needs to be secured on its own merits.  Checking for RFC 2822 integrity is
already there at DATA or POST SMTP, preferably DATA. SMTP must have first
"shot" enforcement power and I believe the basic policies should begin with
this.  RFC2822 is a second stage.

RFC 2821  - transport integrity
RFC 2822 -  content integrity.

The SMTP model can change to help the latter.  But under the current
framework, it is problematic, i.e., we will end up with inconsistent and
different results and surely we will still have systems that use POST SMTP
analysis that doesn't help the bounce system in the area of malicious mail
or spoofed/bad return paths.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
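
Added example, not part of the original message or of any poster's code: a constructed Python model of the two enforcement points discussed in this thread, an RFC 2821 envelope check after MAIL FROM and an RFC 2822 header check at end of DATA. Both reject in-session with a 5xx reply, so the receiver generates no bounce, but the second can only decide after the whole message has been transferred. The `AUTHORIZED` table, the function names, and the sample addresses are assumptions standing in for whatever sender-authorization lookup a real receiver would perform.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical authorization table (assumption): domain -> permitted client IPs.
AUTHORIZED = {"example.com": {"192.0.2.10"}}


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()


def authorized(client_ip, addr):
    return client_ip in AUTHORIZED.get(domain_of(addr), set())


def check_envelope(client_ip, mail_from):
    """Stage 1 (RFC 2821): decide on the envelope alone, before DATA."""
    if not authorized(client_ip, mail_from):
        return "550 5.7.1 envelope sender not authorized for this client"
    return "250 OK"


def check_headers(client_ip, raw_message):
    """Stage 2 (RFC 2822): decide at end of DATA from the header From."""
    header_from = parseaddr(message_from_string(raw_message).get("From", ""))[1]
    if not header_from or not authorized(client_ip, header_from):
        return "550 5.7.1 header From not authorized for this client"
    return "250 OK"


def receive(client_ip, mail_from, raw_message):
    """Return (final reply, bytes of DATA accepted before the decision)."""
    reply = check_envelope(client_ip, mail_from)
    if not reply.startswith("250"):
        return reply, 0  # 5xx in-session: receiver sends no bounce, no content moved
    # Headers only become visible once the client has sent the whole message.
    reply = check_headers(client_ip, raw_message)
    return reply, len(raw_message.encode())


def make_message(header_from):
    # Constructed sample message with a 20 KB body.
    return f"From: {header_from}\r\nSubject: test\r\n\r\n" + "x" * 20000


if __name__ == "__main__":
    print(receive("198.51.100.7", "<alice@example.com>", make_message("alice@example.com")))
    print(receive("192.0.2.10", "<alice@example.com>", make_message("Boss <ceo@example.org>")))
    print(receive("192.0.2.10", "<alice@example.com>", make_message("alice@example.com")))
```

The second call is the case the header check exists for: the envelope passes, the header From does not, and the rejection arrives only after more than 20,000 bytes have crossed the wire.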


