
Re: Proposal: Using Conservative EHLO Response Parser Behaviour For Tarpitting

2007-06-19 09:26:42

Hi Hector,

On 18 Jun 2007 at 21:22, Hector Santos <hsantos(_at_)santronics(_dot_)com> said:

The only problem is that, as Tony and myself eventually showed by 
actually checking a selected group of open source software, there is 
enough legacy software out there that doesn't follow, or follows, the 
parsing of response codes in different ways.

In other words, SMTP COMPATIBILITY WAS THE MAIN ISSUE, thus it wasn't

This is essentially what I've been looking for.  Thanks!  If we aren't 
sure we'll even get reasonably consistent parsing behaviour, then we might 
as well forget it.

I'm all for pleading conformance, which is all very well providing that 
no-one objects when the big boys force everyone else to adopt their broken, 
pseudo-equivalent ideas of the same standard as the standard, both in 
working implementations and, later, in written standards published on 
behalf of the IETF.  They will, though, because interoperability is key 
(read: because they can't really do a great deal about it, even en masse, 
without thoroughly discrediting themselves as being broken and unusable 
and unfair etc. in the process to all those people who have no knowledge 
of the significance of real standards, why they're there, and all that and 
by people who can put out enough spin to make it happen).  That's just 
business as usual. :-(

Here's another one: would I be in the wrong if I didn't allow for a space 
between ":" and "<" in MAIL and RCPT commands?  That one is the law, too.  
It, too, isn't seen in anything decent, only in ratware ... and popular 
email programs.  Even Microsoft's own SMTP service now doesn't do it.  And 
then there are the mobile devices which forget the angle brackets ... and 
yet we accept and put up with this.  If I do write my MTA with the 
assumption that everyone will keep to these little pieces of the standard, 
I'll probably get lynched for not observing what happens in the real world 
without any kind of reflection on why the standards aren't describing what 
happens in it.

I do agree that it will happen, sooner or later, that we'll end up 
formalising "Please hold the line" and I suspect we'll probably also 
gradually encourage clients to follow it for some reason, no matter how 
unthinkable it would have been a few years ago.  SPF is an example of 
this; people with big spam problems will be willing to punish those who 
don't get on their bandwagon, even if that's not in the spirit of email 
exchange and interoperability.  Both would presumably help against 
returned-mail-DoSs, among other things.


Sabahattin Gucukoglu <mail<at>sabahattin<dash>gucukoglu<dot>com>
Address harvesters, snag this: feedme(_at_)yamta(_dot_)org
Phone: +44 20 88008915
Mobile: +44 7986 053399
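
The MAIL and RCPT deviations named in the message above (a space between ":" and "<", and missing angle brackets), as an added example that is not part of the original post: a lenient parser that records which strict-syntax rule each envelope command breaks, so an operator can measure how much traffic strict parsing would refuse before enforcing it. The function names, deviation labels and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Lenient grammar: optional whitespace around the colon, optional angle
# brackets, optional ESMTP parameters after the path.
# Simplification (assumption): quoted local-parts containing spaces are not handled.
_ENVELOPE = re.compile(
    r"^(?P<verb>MAIL FROM|RCPT TO)(?P<pre>[ \t]*):(?P<post>[ \t]*)"
    r"(?:<(?P<bracketed>[^<>\s]*)>|(?P<bare>[^<>\s]+))"
    r"(?P<params>(?: \S+)*)[ \t]*$",
    re.IGNORECASE,
)

def classify_envelope_command(line):
    """Return (verb, path, deviations), or None if not a parseable MAIL/RCPT."""
    m = _ENVELOPE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    deviations = []
    if m.group("pre"):
        deviations.append("space-before-colon")
    if m.group("post"):
        deviations.append("space-after-colon")
    if m.group("bracketed") is None:
        deviations.append("missing-angle-brackets")
        path = m.group("bare")
    else:
        path = m.group("bracketed")  # empty string for the null path "<>"
    return m.group("verb").upper(), path, deviations

def audit(lines):
    """Tally envelope commands by the strict-syntax rule they break."""
    tally = Counter()
    for line in lines:
        result = classify_envelope_command(line)
        if result is None:
            continue  # other command, or unparseable even leniently
        tally.update(result[2] or ["strict-ok"])
    return tally

# Constructed sample input, not captured traffic.
SAMPLE = [
    "MAIL FROM:<alice@example.org>\r\n",
    "RCPT TO: <bob@example.net>\r\n",
    "MAIL FROM:carol@example.org SIZE=2048\r\n",
    "rcpt to : dave@example.net\r\n",
    "MAIL FROM:<>\r\n",
    "EHLO client.example.org\r\n",
]
```

Running `audit` over logged envelope commands shows which clients a strict parser would start refusing, and by which rule.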
