[Top] [All Lists]

Re: RFC 5321bis / 2821ter

2009-01-31 13:31:06

John C Klensin wrote:
--On Friday, January 30, 2009 17:19 +0100 Alessandro Vesely
<vesely(_at_)tana(_dot_)it> wrote:
Not being an anonymous operator involves choosing an ISP that does reverse DNS delegations, and registering a domain directly rather than through a whois-privacy-enhanced registrar.

Thank you for finally clarifying what you (and probably others) meant by "non-anonymous operator" and "verifiable domain name". My personal opinion and answer to your question is that, from a protocol standpoint, it is undesirable to try to require a higher standard for the EHLO argument that resolvability of the domain name -- resolvability to _something_. The status of the domain registration, whether it is "privacy enhanced" or not, etc., are reasonable matters for local policy, but not for the SMTP protocol.

"Resolvability to anything" obviously has an obscure meaning.

Voluntarily disclosing one's identification, through proper [r]DNS registrations, is useful for conveying good intentions. For example, it makes it easier to register with Hotmail/Live. (By giving up its own anonymity, an ESP can shield its users', to some extent.) I agree this pertains to local policies.

The principle that only subscribers are enabled to send, which works for mailing lists, has no counterpart in SMTP. On an ethical configurator, I'd opt for accepting mail only from domains that usually listen on port 25, rather than (or in addition to) non-anonymity. Would this principle be reasonable for VHLO? Would it lock out zombies?

If someone can notice that you are supporting anonymous senders (typically an operational or political determination, not a protocol one) and make you disclose their identities with penalties including being shut down if you do not, then there is no operational anonymity at least vis-a-vis whomever can compel you in that way.

I looked for an anonymous remailer, but couldn't find one. (OK, I didn't search very hard.) On some sites, I found declarations that they discontinued operations because of abuse, not governmental shut down. Does abuse hurt small and medium ESPs more than large ones? I tend to think that giant providers have more bargaining power, also w.r.t. one another. Current developments of FBL and ARF apparently confirm that small ESPs may be going to experience some disadvantages when competing with such established giants.

The most flagrant case of email tracing I know of is that of Shi Tao ( who is serving a 10 years sentence for sending one message, after Yahoo "practically led the police to his door" -in the words of Tom Lantos. Browsing through various associations' opinions, it is easy to find concerns about non democratic governments and transnational corporations getting into agreements with them. I don't want to imply that small postmasters are more valorous, although some may. However, it is certainly more difficult for an institution to control each small operator than to get in touch with a few big ones.

IMHO, consigning email to transnational corporations would ultimately attain even less support for those situations "in which strong anonymity and privacy are really important" -in your words.

<Prev in Thread] Current Thread [Next in Thread>