On Tue, 13 Nov 2007 11:42:27 EST, John Leslie said:
You're essentially correct, but the -00 spec does allow for the case
where you decide -- before fetching any part of the message -- that the
originator is not worth trusting, so you simply discard the URI silently.
How is that any different than sending a 5xx in response to RCPT TO:,
which is something we can (and should) do now?
I'm feeling kinda dumb for having missed the ultimate flaw in the proposal.
The goal of the proposal is to permit deferred filtering analysis, or at least
As someone else noted, most of this work requires the message header and/or
content. That requires message transfer.
The information that is transferred during the retained SMTP exchange is
minimally helpful, except for previous-hop IP Address. Everything else
requires access to the actual message. This means reaching across the net to
get the message for inspection.
And this is better than transferring the message during a regular SMTP session
We don't save cross-net transfers. We add transaction overhead and delay.
The issue of hand-off responsibility is changed, but I have not heard that
asserted as a problem amidst anti-abuse efforts.