ietf-smtp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-smtp] Fwd: New Version Notification for draft-shafranovich-privacy-mailbox-00.txt

2018-06-13 17:15:32
from [Yakov Shafranovich] [Permanent Link] 
John,

Thank you for the feedback, I will certainly try to address it.

As a side note - the spamming issue is an issue for all reserved names
- perhaps it is time to deprecate majority of RFC 2142, except for
whatever is actually being used?

Thanks

On Wed, Jun 13, 2018 at 5:53 PM, John C Klensin <john(_at_)jck(_dot_)com> wrote:

Yakov,

A quick comment about the general idea of these reserved mailbox
names.  They were a good idea when we started using them (and,
of course, "Postmaster" goes back to before our current model of
email).  However, in today's environment, one of the nicest
gifts we can give to the spammers and other spreaders of chaos
and DoS attacks on email servers is to hand them a list of
local-parts of addresses that every mail server that supports
delivery to local mailboxes is required or strongly encouraged
to support.  Postmaster accounts now get enough unwanted mail
that has nothing to do with the Postmaster function that a large
fraction of those who try to read and understand that traffic on
a daily or better schedule probably have too much time on their
hands.

So, please analyze, what happens if a "privacy" address (along
with "Postmaster", "abuse", etc., addresses) is put up and
immediately overwhelmed by spam.  Is it worthwhile anyway?  Do
you have a good model for mitigating the abusive traffic to an
address that ought to be open to traffic from "strange" sources
to make sure that complaints are either received or the sender
understands that they were not.  And then, if you sti8ll think
going ahead with this is a good idea, please include that
analysis in your I-D.

Just my opinion and speaking for no one else.
     best,
       john


--On Wednesday, June 13, 2018 16:33 -0400 Yakov Shafranovich
<yakov(_at_)nightwatchcybersecurity(_dot_)com> wrote:


I originally posted this to the DISPATCH list but Murray
Kucherawy recommended that these two lists may be a more
appropriate forum to solicit feedback. Thank you in advance.

Draft:
https://datatracker.ietf.org/doc/html/draft-shafranovich-priva
cy-mailbox

Abstract:
   Multiple Internet standards describe common mailbox names
(mailbox @    domain) to be used by organizations for
operational and business    functions.  This document defines
a new mailbox called "privacy" that    SHOULD be used for
contacting domain name owners about privacy    issues.







_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-smtp] Fwd: New Version Notification for draft-shafranovich-privacy-mailbox-00.txt, John C Klensin
Next by Date:  Re: [ietf-smtp] Fwd: New Version Notification for draft-shafranovich-privacy-mailbox-00.txt, valdis . kletnieks
Previous by Thread:  Re: [ietf-smtp] Fwd: New Version Notification for draft-shafranovich-privacy-mailbox-00.txt, John C Klensin
Next by Thread:  Re: [ietf-smtp] Fwd: New Version Notification for draft-shafranovich-privacy-mailbox-00.txt, valdis . kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]