[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)

To: "ASRG" <asrg@ietf.org>
Subject: Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)
From: "Hector Santos" <winserver.support@winserver.com>
Date: Sun, 30 Nov 2003 04:28:59 -0500
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Organization: Santronics Software, Inc
References: <2A1D4C86842EE14CA9BC80474919782E0111322D@mou1wnexm02.vcorp.ad.vrsn.com> <c1e97a355b0e1a3d53a373400cb2817a3fc72e9b@mhs> <002001c3b59a$a9b07250$60c6d344@FAMILY> <006001c3b5a6$bc763d50$60c6d344@FAMILY> <3FC78DDB.6010105@solidmatrix.com> <003501c3b5ef$0d8d6f90$60c6d344@FAMILY> <3FC7B288.3080708@solidmatrix.com> <3FC8F64C.3080701@elvey.com> <003a01c3b6f2$6aaa4370$60c6d344@FAMILY> <3FC98542.4060403@solidmatrix.com> <010a01c3b70d$bc2c8d00$60c6d344@FAMILY> <3FC99586.3000701@solidmatrix.com> <015d01c3b71d$fc00c7b0$60c6d344@FAMILY> <3FC9B19B.8000201@solidmatrix.com>
Sender: asrg-admin@ietf.org

----- Original Message ----- 

> >>What I would like to narrow down is what purpose does this proposal
> >>address? What exact forgery does it solve?
> >
> > Valid Return Path.
> >
> > The RFC says that all mail must be returnable (except for NULL address).
> >
>
> Ok, I believe we have narrowed it down :) Thanks for bearing with us
> folks :)
>
> So what we are addressing is the valid return path. The current
> standards allow for invalid return addresses, which is the one of the
> root problems that led to spam. This has a side-effect of allowing
> anonymous email (which can still survive if the anonymous email server
> uses its own email address for MAIL FROM). That I believe is our point
> of contention, and I would be more than happy to see the exact section
> which requires all mail to be returnable.

See RFC 2821 section 6, second paragraph:

   "If there is a delivery failure after acceptance of a message, the
   receiver-SMTP MUST formulate and mail a notification message.  This
   notification MUST be sent using a null ("<>") reverse path in the
   envelope.  The recipient of this notification MUST be the address
   from the envelope return path (or the Return-Path: line). "

Thats pretty straight forward to me.

If a return path MUST be available to delivery of failure notifications,
then it can only be accomplish with a valid return path.   Therefore, it is
only logical that a valid return path is provided in the first place in the
event a delivery failure notification is required.

Incidentally, section 7.1 last paragraph is obsolete and inconsistance with
the rest of the specs. Needs to be moved if you wish to move on with your
efforts.

  "This specification does not further address the authentication issues
   associated with SMTP other than to advocate that useful functionality
   not be disabled in the hope of providing some small margin of
   protection against an ignorant user who is trying to fake mail."

Obviously,   "small margin" is now LARGE and "an ignorant user" is now "an
ignorant industry"

<G>





_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)
  - From: Bart Schaefer

References:
- RE: [Asrg] Re: 6. Proposals - rDNS and rMX
  - From: Hallam-Baker, Phillip
- Re: [SPAM] RE: [Asrg] Re: 6. Proposals - rDNS and rMX
  - From: Jukka Inkeri
- [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Hector Santos
- Re: [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Hector Santos
- Re: [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Hector Santos
- Re: [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Yakov Shafranovich
- Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerIDVerification)
  - From: Matthew Elvey
- Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)
  - From: Hector Santos
- Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerIDVerification)
  - From: Yakov Shafranovich
- Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)
  - From: Hector Santos
- Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerIDVerification)
  - From: Yakov Shafranovich
- Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)
  - From: Hector Santos
- Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerIDVerification)
  - From: Yakov Shafranovich

Prev by Date: [Asrg] Re: 6. Proposals - Pull System (revisited)
Next by Date: Re: RE: [Asrg] 6. Proposals - Legal - Subject labelling (?)
Previous by thread: Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerIDVerification)
Next by thread: Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)
Index(es):
- Date
- Thread