[Top] [All Lists]

Re: Anything else on the content?

2006-10-30 21:46:42

John C Klensin wrote:

there is a remedy that fits the existing model much better than
either Frank's approach or discarding mail.  That is to _not_ 
return full content but, instead, to return headers only or, 
perhaps, headers plus the first few lines of text if the first 
body part is text.

We probably disagree about what "the existing model" is.  Before
the 1123 disaster it was "you sent it, you deal with it if there
are problems", each hop automatically interested to forward only
mails where it could handle later problems (with alternative 551)

It took the oppsition more than a decade to figure out that they
can use any "reverse" path under the "modified" 5.3.6(a) model -
it only needs to be plausible, i.e. survive "call back" tests.

Your proposal is apparently to fix RFC 3462, reflecting common
practice, never "return" (= forward) the complete spam to forged
MAIL FROM addresses.  We probably all agree that this is a good
idea for a MUST NOT in a 3462bis where it says (ch. 1 clause 3):

| In the absence of an explicit request for level of return of 
| content such as that provided in [DRPT], the agent that
| generated the delivery service report should return the full
| message content.

It MUST NOT "return" the full message content, unless it's very
sure that it really returns the mail, instead of forwarding it
to a victim chosen by the attacker.

That's an RFC 3462 detail, and RFC 3464 4.1(f) only states the
obvious fact, "unsolicited DSN", same as in 1894 - you have 1894
as 2821 reference [25].

A mail-arch draft probably shouldn't go into such details.  The
figure 2 in 1894/3464 is nice, it covers the case "you got it
from SMTP, you report errors to SMTP".

that approach would make backscatter essentially useless as a
means of spam delivery.

Yes, in theory.  For MTAs still "returning" the complete spam to
third parties I fear that "interpreting 3462 literally" isn't a
part of their problem.  They really want to dump this crap into
the mailboxes of innocent bystanders, because they think that's
what 2821 requires.


<Prev in Thread] Current Thread [Next in Thread>