[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance

To: "'Peter Kay'" <peter@titankey.com>, "'Yakov Shafranovich'" <research@solidmatrix.com>
Subject: RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance
From: "Eric Dean" <eric@purespeed.com>
Date: Fri, 3 Oct 2003 12:18:32 -0400
Cc: "'Kee Hinckley'" <nazgul@somewhere.com>, <asrg@ietf.org>, "'Brad Knowles'" <brad.knowles@skynet.be>
Importance: Normal
In-reply-to: <DD198B5D07F04347B7266A3F35C42B0B0FD1A4@io.cybercom.local>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

> Isn't CRI about getting various CR systems to interoperate?

CR requires human intervention...CRI is automated.
 
> If something make sense for CR, how can it not make sense for CRI?
> 
> > The problem I have with the original sender's
> > email address is that I now have to inspect EVERY email
> > 821,822,and MIME to look for CRI headers.
> 
> This statement confuses me even further. If CRI systems don't use the
> original sender's email address, they DEFINITELY have to inspect every
> email for CRI headers because they don't know if a given email is a
> challenge or not.

Hmm...either way you have to inspect all headers.  I was thinking of
inspecting responses...but I still need to fully inspect 821,822,MIME
for challenges as well...unless there was a preemptive message by a CRI
challenging server requesting from the destination MX if they support
CRI...then the CRI message could go to a local system user rather than
the end-user...but that seems too complicated at this point.

However, I am thinking of a potential conflict whereby I may use CRI
client software via a CRI server...I need to think about this a bit
more...but if the CRI server uses my email address...then it may break
my client CRI software.

> I submit to you that keeping the original sender's email address
> SIGNIFICANTLY reduces overhead, because:
> 1. Challenge transmissions are ALWAYS a reactive step, (CRI draft, 2b)
> 2. This implies that the sender has already sent an email (CRI draft,
> 2a)
> 3. And if we ASSUME  that the original sender has automatically
> whitelisted the recipient email address (a safe assumption)

This makes sense when a computer is not automatically responding...when
a human is involved...whitelists matter...when it's a computer
maintaining state on the human's behalf...whitelists don't come into
play

> 4. Then a CRI system only needs to inspect email whose MAIL-FROM is
> present on the whitelist, otherwise the CRI needs to inspect
everything.



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance
  - From: david nicol

References:
- RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance
  - From: Peter Kay

Prev by Date: [Asrg] 7. BCP - 'Recommendations for Automatic Responses to Electronic Mail'to Proposed Standard
Next by Date: Re: [Asrg] 6. Proposals - AMTP (rev 01) - MPC
Previous by thread: RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance
Next by thread: RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance
Index(es):
- Date
- Thread