
Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)



----- Original Message ----- 
From: "Bart Schaefer" <schaefer@brasslantern.com>
> }
> } I don't see how the presence of MXes matters.
>
> Hector's caller-ID proposal determines the validity of an address coming
> from MTA1 by initiating a new SMTP transaction with the corresponding MX,
> in this case MX1.  We wouldn't be having this discussion at all if the
> presence of MX1 were not required.

But it is only used because the user provided his address as MX1.

> } Are you maintaining that what's in the MAIL FROM need not be a valid
> } reply address?
>
> I am maintaining that a separate SMTP transaction among MX2 and MX1 is
> not a reliable test of whether what's in MTA1's MAIL FROM is a valid
> reply address, because the existing protocol definition cannot require
> that it be a reliable test.

The existing protocol most certainly defines that it is a reliable test -
WHEN USED by COMPLIANT systems.  When it is used by non-compliant systems,
then you will be blocked with ESMTP VERSION 9.0!

> If that means the MAIL FROM is not a valid reply address, then yes, I
> am asserting that nothing I've yet seen quoted from RFC2821 requires
> that what's in the MAIL FROM need be a valid address to which MX2 can
> reply.  I further assert that if 2821 did require that, it would then
> prohibit those edge cases that you've previously dismissed; which edge
> cases it manifestly does not prohibit.

Your assertion is based on validity of non-compliant usage which is EXACTLY
what we are trying to block!

My assertion is that 80% of the spamming problem is SOLVED by conforming
to the specs.

The RFCs clearly indicate that the Return-Path: is a REQUIREMENT which
comes from a required MAIL-FROM:  with the presumption that it is a RELIABLE
return path.

But that also doesn't mean that it may not be VALID.

In COMPLIANT systems, it will be.

In SPOOF systems, it will not.

What is so hard to understand about that?

---
Hector Santos, CTO
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com


