ietf-mxcomp

Re: draft-ietf-marid-submitter-01.txt

2004-06-28 13:50:12

On 6/28/04 11:09 AM, Harry Katz sent forth electrons to convey:

On Monday, June 28, 2004 9:36 AM, Greg Connor wrote:

On Mon, 28 Jun 2004, Matthew Elvey wrote:

Only if you're assuming that the SUBMITTER is added following 'the rules'. The spec doesn't say that mail with a falsified SUBMITTER should be refused or discarded. (I hate all the pussyfooting around the discard option.)

Actually that was the original intent -- if it didn't get added to the draft it probably should be. A message that claims a certain SUBMITTER but doesn't have that address in the right place should be rejected after DATA and should not be accepted.


The spec does say this.

Yes.  The paragraph you quote is preceded by:

"If the above tests indicate that the connecting SMTP client is not authorized to transmit e-mail messages on behalf of the SUBMITTER domain, the receiving SMTP server MAY reject the message using "550 5.7.1 Submitter not allowed." The receiving SMTP server MAY alternatively proceed to read the message and apply local policy."

If the spec is interpreted procedurally, the above could take precedence over the below. That threw me. The reverse precedence is desired. (Case where SUBMITTER does not match header and is not allowed.)

From section 4.2:

  If the receiving SMTP server allows the connecting SMTP client to
  transmit message data, then the server SHOULD determine the purported
  responsible address of the message by examining the RFC 2822 message
  headers as described in [SENDER-ID].  If this purported responsible
  address does not match the address appearing in the SUBMITTER
  parameter, the receiving SMTP server MUST reject the message using
  "550 5.7.1 Submitter does not match header."

If this needs some further clarification, please let me know.


Also, I have thought of a possible legal problem ...

Thanks, issue resolved.


While I'm noting issues in the spec, may I suggest

s/firm/entity/
is necessary?
Or are firms the only entities with rights anymore? :(...
-I can see the headlines now! :)
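
Added example, not part of the original message or of the draft: a sketch of the two receiver checks quoted in this thread, arranged so that the MUST-reject header comparison still runs when the server takes the MAY branch and reads the message from an unauthorized client. The function names, the `reject_unauthorized` flag standing in for local policy, and the simplified header order used to pick the purported responsible address are assumptions; the real selection rules are in [SENDER-ID].

```python
from email import message_from_string
from email.utils import parseaddr

# Simplified header order for the purported responsible address (assumption:
# the full selection rules live in [SENDER-ID] and are not quoted on this page).
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")

def purported_responsible_address(raw_message):
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        addr = parseaddr(msg.get(name, ""))[1]
        if addr:
            return addr.lower()
    return None

def at_mail_from(client_authorized, reject_unauthorized=True):
    """Authorization test on the SUBMITTER domain; this rejection is a MAY."""
    if not client_authorized and reject_unauthorized:
        return 550, "5.7.1 Submitter not allowed."
    return 250, "OK"

def after_data(submitter, raw_message):
    """Header comparison once message data is read; this rejection is a MUST."""
    pra = purported_responsible_address(raw_message)
    # Assumptions: whole-address case-insensitive compare; no PRA counts as a mismatch.
    if pra is None or pra != submitter.lower():
        return 550, "5.7.1 Submitter does not match header."
    return 250, "OK"

def receive(submitter, client_authorized, raw_message, reject_unauthorized=True):
    code, text = at_mail_from(client_authorized, reject_unauthorized)
    if code != 250:
        return code, text
    # Reached both for authorized clients and when local policy chose to read
    # the message anyway; the mismatch check is not skipped in either case.
    return after_data(submitter, raw_message)

# Constructed sample message (not from the thread).
SAMPLE = (
    "From: Alice <alice@example.com>\n"
    "Sender: list-owner@lists.example.net\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(receive("list-owner@lists.example.net", True, SAMPLE))
    print(receive("alice@example.com", False, SAMPLE, reject_unauthorized=False))
```

The second call is the case raised above, where SUBMITTER does not match the header and the client is not allowed: it ends in "Submitter does not match header" even though the early rejection was waived.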