[Top] [All Lists]

Re: SMTP Transferred-By-Reference

2007-11-13 11:28:36

Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Tue, 13 Nov 2007 11:42:27 EST, John Leslie said:

   You're essentially correct, but the -00 spec does allow for the case
where you decide -- before fetching any part of the message -- that the
originator is not worth trusting, so you simply discard the URI silently.

How is that any different than sending a 5xx in response to RCPT TO:,
which is something we can (and should) do now?

I'm feeling kinda dumb for having missed the ultimate flaw in the proposal.

The goal of the proposal is to permit deferred filtering analysis, or at least reputation analysis.

As someone else noted, most of this work requires the message header and/or content. That requires message transfer.

The information that is transferred during the retained SMTP exchange is minimally helpful, except for previous-hop IP Address. Everything else requires access to the actual message. This means reaching across the net to get the message for inspection.

And this is better than transferring the message during a regular SMTP session how?

We don't save cross-net transfers.  We add transaction overhead and delay.

The issue of hand-off responsibility is changed, but I have not heard that asserted as a problem amidst anti-abuse efforts.


  Dave Crocker
  Brandenburg InternetWorking