On 24 May 2021, at 12:43, Alessandro Vesely <vesely(_at_)tana(_dot_)it> wrote:
As the discussion is fully non-personal, I think you don't mind if I CC the
list.
No, I don’t mind, but as a result, we still broke the conversation threading.
It would be nice if mailarchive.ietf.org offered a “Download message” option
next to the “Show header” option. This would have made it straightforward to
import your message into my mailbox.
One thing is the definition of /email service provider/. The wikipedia
article
you link to is correctly named /Mailbox provider/. A number of people
consider
ESPs a different kind of business. Others, especially foreigners, don't
grok that.
I don’t like the term “mailbox provider” because these companies provide
much more than just a mailbox, namely email submission and delivery, spam
prevention, and message filtering with Sieve or some other interface. For
me, email service provider is a suitable equivalent to Internet service
provider (ISP). Do you think of Mailgun, SendGrid, Postmark, etc. when you
hear “email service provider”? I called them SMTP service providers or email
delivery vendors in the box about reputation
(https://explained-from-first-principles.com/email/#reputation).
Hm... /email delivery vendor/ sounds interesting. Unfortunately, ESP is well
established already (among the people who knows what that is).
Mailbox provider was told me by JD Falk when I was caught in the same trap:
https://web.archive.org/web/20100613121358/http://mipassoc.org/pipermail/abuse-feedback-report/2009q3/000360.html
Even if MPs offer many more services, mailboxes are associated with email
addresses, which are the most noteworthy elements of visibility.
An alternative name is MSP (without 'E'), defined in email arch. as:
Transit: Mail Service Providers (MSPs) that offer value-added
capabilities for Edge ADMDs, such as aggregation and
filtering.
Thank you for the additional context. Personally, I strongly object to the idea
that mail service provider (MSP) and email service provider (ESP) can stand for
different things. In the context of email, mail and email are used
interchangeably. But there is also another reason why I don’t like the term
“mailbox provider”: The term “mailbox” is used to refer to both an email
account, which is identified by an email address, and a message folder in such
an account, as defined by the IMAP standard. While I use the term only in the
former meaning, some mail clients such as Apple Mail use the latter. Moreover,
the term “email service provider” is too generic to refer only to transaction
emails and bulk mailings, in my opinion. I will add a note about the different
usages to my article, though.
I didn't see the topic of remote code execution in your article. However,
Javascript can be embedded inside html pages, where browsers normally execute
it. I hope email clients don't, but I don't recall feature statements in
this regard.
I wrote in https://explained-from-first-principles.com/email/#html-emails
<https://explained-from-first-principles.com/email/#html-emails>: “For security
reasons, mail clients don’t execute sender-provided JavaScript.”
However, some email service/mailbox providers support dynamic content with a
whitelisted JavaScript framework:
https://explained-from-first-principles.com/email/#dynamic-content
<https://explained-from-first-principles.com/email/#dynamic-content>
A recursive resolver doesn't have to be DNSSEC aware. A client issues a call
and looks for a TXT RR in the response. A fussy client has to explicitly
look for CNAME records in order to increase the count when it finds them.
IMHO, it makes no sense. Resolving implies additional calls issued by the
resolver to navigate any involved zone cut, and these are certainly not
counted.
You make a good point here. I still think this aspect should be clarified in
the standard so that an SPF record with CNAME indirections and 10 lookups is
either valid for all clients or none of them.
And the beauty of TLSA records is that the MX operator maintains them. All I
have to do as a domain owner is to deploy/enable DNSSEC on my domain.
You're right. I assumed the TLSA record was not a CNAME. I guess you mean:
_25._tcp.my-domain.example. IN CNAME _25._tcp.MX-operator.example.
No, I meant that DANE-aware ESMTP clients first resolve the MX indirection and
look for TLSA records on the “target/MX” domain.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp