[Top] [All Lists]

Re: SMTP Transferred-By-Reference

2007-11-12 12:15:27

On Nov 12, 2007, at 7:56 AM, Dave Crocker wrote:

< Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch- adv.htm&r=62&f=G&l=50&d=PTXT&s1=tumbleweed&p=2&OS=tumbleweed&RS=tumble weed>

They enforce this patents and its follow-ons very aggressively.

This is under review.

2. At best, this reduces total bytes over the but the requirement for a notification message does not reduce the number of network 'transactions' -- in fact it increases them by 100% or more.

This calculation is wrong. You are assuming a substantial percentage of messages will be retrieved, yet the typical levels of spam would suggest otherwise. In addition, this can be an optional mode used only for unknown sources. This calculation also fails to consider the transactions occurring when a DSN is generated.

3. This presumes that making a real-time decision is a current problem, when it is not generally held to be a major factor among the anti-abuse community. Sure, it would be nice to be able to do it, but it's a long way from the top of the list.

The number of back-scatter sources containing spam and malware represents more than the number of direct threat sources. Unfortunately, uncovering threats often necessitates more time than permitted for an Okay. All modes of spam must be blocked, or exceptions soon become a predominate mode for bad-actors. This battle simply does not scale as a real-time effort. Some obfuscation strategies evade detection through rapid deployment of related infrastructure. Postponing acceptance, even a few minutes, goes a long way toward thwarting this pernicious tactic. Reputation is never instantaneous.

4. It presumes that users can make the right decision. Experience is pretty clear that that's too often not a correct presumption. In addition, having users be required to make this decision burdens them far more than is felt to be useful. (This is a derivation of the transaction cost item, above, except that it moves the decision- making from a receive-side front-end filter to the human user. And of course, it them requires them to wait for the message to show up.

You have misread the intent. The mail delivery agent decides what gets delivered.

5. Doesn't work so well for disconnected users.

This will not impact disconnected users at all.