ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

The roaming user problem is insoluble

2004-05-08 21:42:25
from [John Levine] [Permanent Link] 

I bet that got your attention.

I can't help but note that the issues being hashed over here bear a
remarkable resemblance to the ones we were hashing over in the ASRG
LMAP group last year.  If there were good solutions, we'd have found
them by now.

Last year there were three general approaches to the roaming user
problem, and they haven't changed:

A: Make roamers phone home to send their mail

  Pro: can use standard SUBMIT and SMTP AUTH or tunnels, often there
   are other reasons to do so anyway

  Con: requires config changes or upgrades so that home servers
   support roamer access, reconfig roamer MUA's ot network config to
   call home. Some setups like acm.org have no home servers.

B: Poke holes in the rules big enough for roamer mail to get through

  Pro: roamers can send mail just like they do now

  Con: bad guys will use the same holes, don't have enough LMAP
   experience to predict how much spam and phish will get through but
   it could be a lot.

C: Use a bounce address from the network where mail is sent

  Pro: can be implemented in the (relatively few?) MTAs on systems that
   host roamers.

  Con: how to get bounces back to actual sender is non-obvious,
   privacy issue since it publishes roamer's actual location

These are the options if you want to validate senders by IP.  Maybe
there's an option D but it hasn't surfaced in a year so I wouldn't
hold my breath.  If you want some forward motion on a system that
validates envelope ssnders, you'll just have to pick one.  The
forwarding and greeting card problems aren't quite as hard but you'll
have to pick something for them, too.

Having done that, work up a spec, which shouldn't be hard since we
have so many to start from.  We won't know whether any of this turns
out to be of practical use in the real world until people start using
it widely at least to tag spam if not to block it.

Maybe the roaming and forwarding issues and the ease of mismatching
envelope and header sender address will be a killer.  This might push
people toward signature systems which can deal with roamers in
straightforward ways. I know at least two that should have draft specs
and sample code available within the next month.  But at some point
you just have to pick the least bad option and go ahead.

Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
http://www.taugh.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Semantics: per user policy, John Leslie
Next by Date:  Re: The roaming user problem is insoluble, william(at)elan.net
Previous by Thread:  Mail archive, Roy Badami
Next by Thread:  Re: The roaming user problem is insoluble, william(at)elan.net
Indexes:  [Date] [Thread] [Top] [All Lists]