I tried to follow the discussion about mailsubmission draft (Email
Submission Between Independent Networks) and RFC2476bis what the MSA is
allowed to do and not.
But I think we are missing a point.
There are (at least) two kinds of MSA's
I would call them
1) Organisational MSA
2) Internet (ISP) MSA
(If you have better names please name them)
And I can not find a reference to which kind of MSA is referred in the Email
Submission Between Independent Networks draft and what the consequences are.
To describe the two types of MSA:
Organisational MSA's
the (user of) the MUA and the MSA is part of the same organisation and the
MSA is therefore allowed to do almost anything with a message as long as the
output is proper RFC2822/2821.
This include but are not limited to:
virusscanning
removing/changing/ adding of headers (RFC2822 and 2821)
removing attachments MIME parts
encryption/decryption
adding headers and footers to the email body
the draft should only give guidelines and suggestions for this type of MSA.
(so that the output is proper RFC2822/2821.)
In extreme cases the MSA is even allowed to refuse the message all together.
Internet MSA's are not part of the same organisation and should only do:
virusscanning
adding necessary RFC 2822 headers
adding trace headers (RFC 2821)
and other options that should be an explicit part of the contract between
the organisation and her internet provider)