[Asrg] Re: 6. Proposals - Pull System (revisited)

["Jon Kyme" <jrk@merseymail.com>]

> At 12:16 PM +0000 11/29/03, Jon Kyme wrote:
> >What exactly is the specific failing of SMTP which is addressed by pull
> >systems?
> >
> >Have I missed something?
> 
> 
> SMTP for RFC822-format mail is essentially the only 'push' system in 
> wide use on the net where data is sent to individual end users 
> without requiring their prior consent. Yet for historical reasons, it 
> operates on a source-trusted model. Traditionally, none of the source 
> identification data in RFC822 mail or used in SMTP are authenticated 
> in any way, but rather they are accepted no matter what they are. In 
> the case of the HELO argument it is even unwise to do basic sanity 
> checks because  misuse is so widespread among legitimate senders: 
> unless the sending side claims an unambiguous identity which the 
> receiving system knows as its own, refusing mail based on a 
> validation failure will result in some legitimate mail being 
> rejected. Being a push system makes email more subject to spamming 
> than 'pull' systems, and the historical ways that Internet email has 
> been run without any sort of sender validation have led to even 
> non-spam using mechanisms that break any serious attempt at sender 
> authentication.
> 


Yes, alright, don't go on... lack of sender validation. OK, now fix sender
validation (see the many proposals to this end). What's wrong with SMTP?





--

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg