spf-discuss

Re: AOL Spam down 27%

2004-03-30 03:05:11
On Tue, 2004-03-30 at 21:37 +1200, Nick Phillips wrote:
For justification, I'd just point out that a message forwarded in that way
is logically identical to a forgery.
...
The second message obviously _isn't_ a forgery, and it passes CBV -- but
you claim it's "logically identical" to one. I suggest that if that's
logical, your axioms are flawed.

I don't believe that it's reasonable to assume that a forwarder can basically
forge envelopes on the grounds that "there's likely to be some other way to
tell that it's alright really", or to expect a recipient to expend the effort
to check all those other possible ways to tell that your mail is, after all,
valid.

I was questioning your use of the phrase 'logically identical to a
forgery'. That's never been the case and you're trying to make it the
case.

What happens when you decide to use BigCompany's latest whizzy digital
signature mechanism that's only available if you pay them lots? Do you then
expect me to do so in order that you/your forwarders may continue to play
games with your envelopes? 

Not at all. That would be silly.

The envelope should stand alone, and one should
not rely on other assorted arbitrary and hypothetical information to
determine whether or not it is valid.

Absolutely. No other assorted arbitrary and hypothetical information,
such as TXT records (containing XML or saner forms of data), IP
addresses, etc. Either the reverse-path is a valid email address to
which you could send a bounce, or it's not.

But don't expect everyone else to faff about examining your mail in
minute detail to see whether some one of infinitely many possible
other methods could show that it's probably really from you
after all.

Absolutely. Nobody needs to do anything different -- and especially they
don't need to do something which gives them a high risk of rejecting
valid¹ mail. I settled on a scheme which gives me the instant benefit of
rejecting bounces to _all_ joe-jobs, not just the joe-jobs which were
sent to people who've heard of and implemented my scheme. 

As an added benefit, this also gives a lot of third parties the chance
of rejecting those joe-jobs in the first place.

The third parties that benefit are those who are already doing CBV; a
practice which is not uncommon and which has a very low risk of
rejecting valid mail.

That probably sounds harsher than it's intended to be, but I'm going to
have to leave it now - I guess we'll have to agree to disagree, and
"fight it out in the marketplace".

I'm not sure how much we disagree in principle.

You're assuming that people read bounces. I don't make that assumption
because I've seen it disproven too many times.

I'm not assuming that; it is however preferable to send a bounce to the
sender if possible (as opposed to just dropping it). I'm well aware that
lots of people don't read bounces, but some do.

I agree that bouncing is preferable to dropping mail. Rejection, where
possible, is obviously preferable to both.

However, in the case of _valid_¹ mail, I happen to prefer delivery above
all the above three options. Others are less concerned about such
things, it seems.


-- 
dwmw2


¹ Where 'valid' is the normal human meaning of it, notwithstanding your
'logically identical to a forgery' in the Brave New World.

