On Thu May 26 2005 13:52, Tony Finch wrote:
On Thu, 26 May 2005, Bruce Lilly wrote:
When a piece of software -- categorize it as you will -- connects to
an SMTP server and presents a domain name derived from a receiving
mailbox domain in EHLO/HELO, there is such conflation. We might
tentatively agree that such software isn't operating according to
assumptions behind the rules of a twenty-year-old protocol, but the
present-day facts of life are such that in many cases there simply is
no other option available to such software.
That's a problem with the sender's configuration, not with CSV.
It's a characteristic of modern Internet deployment, and as CSV doesn't
take that characteristic into account, there is a problem with CSV. The
simple fact is that a piece of software is often unable to determine
things such as a host name (see the current discussion of DHCP on the
ietf-822 list (don't ask me why it's there and not here)).
I do know
of software that makes it impossible to fix this kind of configuration
problem, but these email programs are designed to talk to an MSA, in which
case the problem is moot.
You're presuming that:
1. the MSA is always external (there exist laptops with MSAs and/or MTAs
installed)
2. that some appropriate information can be determined (see above, including
the reference DHCP discussion).
You claim that nevertheless it is still a
problem because in general SMTP software doesn't know what role its peer
is acting in, but again this is a fallacy because in a specific case the
site's policy can disambiguate,
o there is still the problem with attempting a one-size-fits-all approach
to "site" vs. a mail sender
o that ignores the issue of how sending software or users are supposed to
be able to determine that there is some policy, much less what that
policy is (see Valdis' comments)
The LMAP
protocols are all intended for use with SMTP over TCP across the public
Internet routed according to RFC 974.
As far as I can see, the proposals do not make such things clear. Some
in fact claim "all SMTP" or something similar.
They aren't for use within an
organization because in that case other authentication and authorization
mechanisms are more appropriate and more effective.
Nice theory. In practice, defining "an organization" and determining
organizational boundaries are necessary and non-trivial.