[Top] [All Lists]

Re: request discussion of two documents on SMTP relaying

2005-06-20 10:22:57

On Sun June 19 2005 02:01, Frank Ellermann wrote:

Keith Moore wrote:

One MSA I know with millions of customers (
even _sets_ the MAIL FROM and the 2822-From no matter what the
MUA says.  One of the reasons why I've always supported you and
Bruce when you say that "Reply-To" is strictly user territory -
I just need it for this MSA.  Of course no 2476bis-MSA, option
6.1 does not cover to _set_ MAIL FROM, let alone the 2822-From.

1. Such MSAs (I know of one also) tend to be unusable precisely
   because of such message mangling (among other things, that
   improperly redirects delivery notifications from where the user
   expects them to go, and the message content mangling defeats
   privacy/security arrangements).  When coupled with brain-dead
   POP implementations for retrieval of (notification) messages,
   or worse, no retrieval mechanisms, such "services" are useless.

2. Reply-To won't help in such a case for delivery notifications,
   nor will it help if the recipient decides to "reply-to-author"
   (the From field holds the author(s) mailbox(es), by definition
   of the field).

Normal users just don't care about it, they want to send mail,
they want to get mail, they hate spam, they need "experts" to
interpret a bounce, so it's our duty that they only get really
relevant bounces, and not arbitrary forged "bounces to" crap.

we need to stop trying to overload MAIL FROM, From, Sender,
etc to be the originator identity.   We need a new concept
for that.  Sender was close to the right idea

A new protocol is needed, or end-to-end solutions need to be
provided above SMTP.  SMTP simply has insufficient security to
do what you want (and some parts of SMTP (e.g. message mangling)
actively interfere with end-to-end privacy and authentication).

<Prev in Thread] Current Thread [Next in Thread>