ietf-mxcomp

Re: A new SMTP "3821" [Re: FTC stuff...........]

2004-11-29 08:42:32

"william(at)elan.net" <william(_at_)elan(_dot_)net> wrote:
Although longer, below header provides a better and more complete view
(for debugging) on what happened and who did the forwarding:

  Sure, there are a whole host of similar solutions, some of which
were developed with more than 5 minutes thought. :)

  The simple addition of a header allows .forward files to work, and
requires no off-site changes.

As for Original-* headers, the standardization of their use is TBD in
one of my next drafts. For what you wanted, I'll recommend using
"Original-Envelope-From" (this is actually already being used) for
return-path and "Original-Envelope-Recipient" for RCPT TO.

  To be robust, they have to be tied together, and they have to be
able to have multiple copies added across multiple ".forward" hops.
The Redirected: header you propose is much better at doing that.

What SPF is now doing is saying that .forward need to do more than just
simply relaying message with new addresses and need to identify who they
are and what they did. This is good for better email security although
people who want to remain anonymous might not like this trend (as usual).

  It's not just SPF.  It's a way to address the spam problem.  As
Hadmut has said, stopping forgery requires everyone to give up
forging.  If I didn't agree to let others use my domain name in "MAIL
FROM", it's forgery, because *I* define the use of my domain name.  If
someone else doesn't mind, that's their issue.

  And what do you mean by "anonymous"?  To send SMTP, you HAVE to have
a routable source IP address.  This means that the SMTP server you're
talking to knows who you are, and that knowledge is probably going to
be put in a Received: line in the SMTP message.

  If an "anonymous" sender has no reverse path, then they can't accept
bounces, and no one can respond to their messages.  To me, this means
a protocol other than SMTP is better suited for anonymity.

  The lack of a definition for ideas like "anonymity" in relation to
SMTP is one of the causes of miscommunication.  Everybody uses the
term, and everybody "knows" what it means.  But in the absence of a
quantitative definition, none of the definitions are talking about the
same thing.

  Alan DeKok.

