Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP

To: ietf at ietf.org
Subject: Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP
From: John Levine <johnl at iecc.com>
Date: 9 Jun 2007 20:00:49 -0000
Cc:
In-reply-to: <20070608123957.GA20598@nic.fr>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
Organization:

>Since section 5 "Message Submission Authentication/Authorization
>Technologies" mentions only SMTP AUTH and TLS, does it mean that
>authentication by IP addresses is forbidden? I ask so because it is
>currently the most common way to weakly authenticate local users. Is
>it covered by "Depending upon the environment, different mechanisms
>can be more or less effective and convenient"?

The latter.  The intention is to encourage everyone to use AUTH or
TLS, since they tend to provide better granularity than IP
authentication.  For example, it's dismayingly common to use security
holes to install scripts on web servers that send out spam.  If the
legit scripts all used AUTH when sending mail to the local mail
server, it would be immediately obvious when a rogue script were
sending mail.

>Side note: on Unix, will cron be forced to authenticate to send emails
>at 2 am? :-)

Perhaps a sentence or two clarifying that this only applies to SMTP and
SUBMIT would be in order.

R's,
John

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP
  - From: John C Klensin

References:
- Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP
  - From: Stephane Bortzmeyer

Prev by Date: Last Call: draft-ietf-dccp-rtp (RTP and the DatagramCongestion Control Protocol (DCCP)) to Proposed Standard
Next by Date: Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP
Previous by thread: Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP
Next by thread: Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.