
Re: [Asrg] Re: 03.1 Re: Forgery in SMTP (applying flame retardent)



Walter Dnes <waltdnes@waltdnes.org> wrote:
> I was trying to say that Alan should not be held responsible for the
> misdeeds of others.

  When someone steals my credit card information, I'm held responsible
until I can demonstrate it wasn't me.  If a particular store has a
large number of fraudulent transactions, then the credit card company
can impose additional restrictions on them, or take away their card
access entirely.

  No such system of accountability exists in SMTP.  Any such system we
create will be forever limited due to the large numbers of people who
refuse to accept such accountability.

>   The point I was trying to make was that SMTP allows almost any text
> (excepting .\n\n) in the raw DATA: body.  The DATA: body includes the
> "From:" header.  Most MUAs don't know about envelope-sender, and many
> ISPs omit envelope-sender in the email as delivered to the end-user's
> POP account.  The only thing that the recipient can know for certain
> (assuming they can parse headers) is the final external IP address that
> handed the email to their ISP.

  Which is why some of the proposals involve audit trails.  Hop by hop
authentication/accountability of SMTP messages is very problematic.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
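
The distinction drawn in the quoted paragraph (header "From:" versus envelope sender versus the handoff IP), as an added example that is not part of the original message: it reads a delivered message and separates the sender-controlled fields from the one value the recipient's own MTA recorded. The hostnames, addresses, sample message and the `from ... [ip] by host` Received layout are constructed assumptions, and only IPv4 peers are handled.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a message as delivered to a mailbox. Only the topmost
# Received line is written by the recipient's MTA; the rest is sender-supplied.
SAMPLE = """\
Return-Path: <bounce@bulk.example.net>
Received: from mail.bank.example (unknown [203.0.113.45])
\tby mx.isp.example with SMTP id abc123; Mon, 1 Sep 2003 10:00:00 -0400
Received: from internal.bank.example ([10.1.2.3])
\tby mail.bank.example; Mon, 1 Sep 2003 09:59:58 -0400
From: "Your Bank" <security@bank.example>
To: user@isp.example
Subject: Account notice

Body text.
"""

# Bracketed peer address as recorded by the receiving MTA, e.g. "[203.0.113.45]".
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _domain(addr):
    return addr.rpartition("@")[2] if addr else None

def analyze(raw, own_mta):
    """Return the claimed senders and the only IP the recipient can rely on."""
    msg = message_from_string(raw)
    header_from = parseaddr(msg.get("From", ""))[1].lower()  # part of DATA, forgeable
    rp = msg.get("Return-Path")  # envelope sender, often stripped before delivery
    envelope_from = parseaddr(rp)[1].lower() if rp is not None else None
    handoff_ip = None
    received = msg.get_all("Received") or []
    if received:
        top = " ".join(received[0].split())  # unfold the header onto one line
        from_part, sep, by_part = top.partition(" by ")
        # Trust the hop only if our own MTA (own_mta, an assumed name) stamped it.
        if sep and by_part.split()[0].rstrip(";") == own_mta:
            match = PEER_IP.search(from_part)
            handoff_ip = match.group(1) if match else None
    return {
        "header_from": header_from,
        "envelope_from": envelope_from,
        "handoff_ip": handoff_ip,
        "sender_mismatch": envelope_from is not None
        and _domain(envelope_from) != _domain(header_from),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, "mx.isp.example"))
```

Lower Received lines, such as the `10.1.2.3` hop in the sample, are ignored because they arrive inside the data the sender supplied.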