On Wed, 5 May 2004 06:02, Keith Moore wrote:
the job of the submission agent is to authenticate the source (for some
meaning of "authenticate", to reject or fix invalid messages (and
provide feedback to the user that his MUA is broken) and submit
valid messages to the email transport system.
My earlier point still holds. Regardless of whether or not a client is acting
in the "submission" role or the "relay" role, it may or may not be violating
protocol somewhere in the transaction. If a server performs strict protocol
checks at every stage of the dialogue, then it will reject such violations;
if it assumes that the client observes protocol correctly, then it will
propagate violations.
To put it another way, it's the client's job to pass on data only in a way
that observes protocol, but can the server assume the client is doing its
job? This seems to be largely a question of implementation. An implementation
should consider the consequences of passing on data from a client
uncritically, doubly so if the client might be actively malicious in its
crafting of data. The safer path is to perform strict validation in all
cases.