ietf-smtp
[Top] [All Lists]

Re: [SPAM] - Re: Re: draft-duan-smtp-receiver-driven-00.txt - Email found in subject

2005-05-11 11:46:01

Hector,

For example, I don't want to put a barrier up to potential customers sending
sales inquiries to sales(_at_)santronics(_dot_)com(_dot_)


I do not like neither :-)

That is why *I* think that the definition of the sender classes should be separated from the protocol design itself. For example, I can include only my regular contacts in the allowed class, others (not black listed) are in the unclassified class, no matter I first time see it or I saw it before.

Dont get me wrong. Of course the definition of regular contacts for different accounts can be quite different. For example, sales(_at_)santronics(_dot_)com may have a much less retricted rule about the allowed class, while some others would like to open to the world.

Keep in mind the idea of receiving a payload for post authentication
concepts can be very problematic. Microsoft's SenderID proposal has this
problem and the key reason why we won't directly implement it into the SMTP
server.

I guess I did not make it clear. I menioned that we can use the sender email address to look up the SMTA instead of relying on the RMTA to record the IP address of the SMTA, it does not mean that we will accept the payload (the DATA command). We just need the sender email address from the MAIL FROM command.

Please note, as a SMTP vendor, I am all for a great idea.  But if massive
changes is going to be required, then it needs to make sense across the
board.   In my view,  SMTP is a great protocol which has the elements to

Agreed. I like to hear from you guys who work in this aread.

Cheers,
-Zhenhai
eliminate the "forging" aspect of the transaction.  SPAM Analysis and
content analysis, to me, is out of the scope of SMTP.  It can be hooked in
today already.  But 2822 and 2821 are two different things.   Its like the
US postal mail man.  He could care less what he is delivering to you.  But
you as a receiver might have place some level of scrutiny at the mail man
before you even look at the content he is handing over to you.   Does he
have a uniform?  Does he have a badge?  Does he look like a bum?  Do you
recognize him?  Does he have a permit to deliver mail?   Or is he just a
friendly neighbor who is routing mail to you?

So unless the mind set can be changed to begin looking at stronger
client/server negotiations of the SMTP transactions, and more important
adding an enforcement level of compliance,  big changes like you suggest, I
don't see having much value.


--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com