|
the curse of the S(imple) protocols, was: Re: e2e
2007-08-17 06:52:44
On 17-aug-2007, at 14:56, Keith Moore wrote:
It would also restrict you to using a Return-path which is valid for
the network from which you are sending the mail. That may not be
practical in some environments where you don't have an existing
account and you can only send mail through the local mail server (no
access to submission port on home server, e.g. outgoing TCP 587
blocked or network unreachable).
So what you're saying is that any mail server should be able to
source
messages from any mail user using any email address in any domain.
Sorry, that's not a reasonable desire in my opinion.
what's unreasonable is trying to use IP addresses as authentication
tokens, or expecting applications to know about network topology in
order to route messages.
I agree that this suboptimal (but given that simple email users such
as myself have so few options my server does take the source IP
address into consideration when filtering at this point in time).
What we need to filter on are (of course) the identities of the
servers and the originators of messages. But the former requires that
servers don't trust random originators, hence my message, and that
there is some way to make sure an originator is who he or she claims
to be that works a bit better than simply taking the From: line at
face value.
The counter argument is that spammers will simply use disposable
identities. However, that at least makes sure that if I get a message
from ietf(_at_)ietf(_dot_)org I know that it's actually from ietf(_at_)ietf(_dot_)org so
whitelisting works and I don't get bombarded with bounces when a
spammer uses my domain, and if we make getting an identity take
enough time or money, spammers won't be able to get them fast enough
to spam much before they're blacklisted.
Then again, misspelled fishing would be an order of magnitude harder
if banks and retailers started using S/MIME, which is widely
implemented today, but they can't be bothered, so it looks like
protocol design isn't going to save the world any time soon.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: e2e, (continued)
- Re: e2e, Douglas Otis
- Message not available
- RE: e2e, SM
- Re: e2e, Douglas Otis
- RE: e2e, michael.dillon
- Message not available
- RE: e2e, SM
- Re: e2e, Iljitsch van Beijnum
- Re: e2e, Keith Moore
- the curse of the S(imple) protocols, was: Re: e2e,
Iljitsch van Beijnum <=
- Re: the curse of the S(imple) protocols, was: Re: e2e, John C Klensin
- Re: the curse of the S(imple) protocols, was: Re: e2e, Keith Moore
- Re: the curse of the S(imple) protocols, was: Re: e2e, Henning Schulzrinne
- Re: the curse of the S(imple) protocols, was: Re: e2e, Steven M. Bellovin
- Re: the curse of the S(imple) protocols, was: Re: e2e, Iljitsch van Beijnum
- Re: the curse of the S(imple) protocols, was: Re: e2e, Steven M. Bellovin
- Re: the curse of the S(imple) protocols, was: Re: e2e, John Levine
- Re: the curse of the S(imple) protocols, was: Re: e2e, John C Klensin
- Re: the curse of the S(imple) protocols, was: Re: e2e, SM
- Re: the curse of the S(imple) protocols, was: Re: e2e, John C Klensin
|
|
|