Updated MediaSize draft (draft-shveidel-mediasize-04.txt = )

Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hANEubkT021823 for ; Sun, 23 Nov 2003 06:56:37 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hANEubIA021822 for ietf-smtp-bks; Sun, 23 Nov 2003 06:56:37 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from il-tlv-smtpout2.icomverse.com (il-tlv-firewall-main.icomverse.com [192.118.48.248]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hANEuWkT021817 for ; Sun, 23 Nov 2003 06:56:36 -0800 (PST) (envelope-from Ari.Erev@comverse.com) Received: from il-tlv-mbdg1.comverse.com (il-tlv-mbdg1.comverse.com [10.115.243.99]) by il-tlv-smtpout2.icomverse.com (8.11.6/8.11.6) with ESMTP id hANEsrp12417; Sun, 23 Nov 2003 16:54:55 +0200 Received: by il-tlv-mbdg1.comverse.com with Internet Mail Service (5.5.2657.72) id ; Sun, 23 Nov 2003 16:55:02 +0200 Message-ID: <7D4344E32B34D511A6500002A560C60207C8BDA5@IL-TLV-MAIL4> From: Erev Ari To: "'lemonade@ietf.org'" , ietf-smtp@imc.org Subject: Updated MediaSize draft (draft-shveidel-mediasize-04.txt ) Date: Sun, 23 Nov 2003 16:54:59 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C3B1D1.C466C3FA" Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C3B1D1.C466C3FA Content-Type: text/plain; charset="windows-1255" Hello, I have updated the SMTP MediaSize extension draft. For some reason, the standard notification message was not posted to the lists, so I am posting it "manually". Many thanks to Chris Newman who contributed most of the feedback for this version of the draft, as a preparation for last call. If no major feedback is received within the next 2 weeks, I would like to send it for IESG last call as an individual draft. Discussion is on the lemonade list. Reminder: This memo defines an extension to the Simple Mail Transfer Protocol (SMTP) service whereby an SMTP client and server may interact to give the server an opportunity to decline or accept a message (perhaps temporarily) based on the client's estimate of the general message size and sizes of the media parts the message contains. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-shveidel-mediasize-04.txt Regards, Ari Erev ------_=_NextPart_001_01C3B1D1.C466C3FA Content-Type: text/html; charset="windows-1255" Content-Transfer-Encoding: quoted-printable Updated MediaSize draft (draft-shveidel-mediasize-04.txt = )

Hello,

I have updated the SMTP MediaSize = extension draft. For some reason, the standard notification message was = not posted to the lists, so I am posting it = "manually".

Many thanks to Chris Newman who = contributed most of the feedback for this version of the draft, as a = preparation for last call.

If no major feedback is received = within the next 2 weeks, I would like to send it for IESG last call as = an individual draft.

Discussion is on the lemonade = list.

Reminder:
This memo defines an extension to the = Simple Mail Transfer Protocol
(SMTP) service whereby an SMTP client = and server may interact to
give the server an opportunity to = decline or accept a message
(perhaps temporarily) based on the = client's estimate of the general
message size and sizes of the media = parts the message contains.

A URL for this Internet-Draft = is:
http://www.ietf.org/internet-drafts/draft-shveidel-med= iasize-04.txt

Regards,
Ari Erev

------_=_NextPart_001_01C3B1D1.C466C3FA-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAN3a6kT029485 for ; Sat, 22 Nov 2003 19:36:06 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAN3a6I4029484 for ietf-smtp-bks; Sat, 22 Nov 2003 19:36:06 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from turing-police.cc.vt.edu (h80ad24a3.async.vt.edu [128.173.36.163]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAN3a3kT029476 for ; Sat, 22 Nov 2003 19:36:04 -0800 (PST) (envelope-from Valdis.Kletnieks@vt.edu) Received: from turing-police.cc.vt.edu (IDENT:valdis@[127.0.0.1]) by turing-police.cc.vt.edu (8.13.0.PreAlpha4/8.13.0.PreAlpha4) with ESMTP id hAN0sN7a019368; Sat, 22 Nov 2003 19:54:24 -0500 Message-Id: <200311230054.hAN0sN7a019368@turing-police.cc.vt.edu> X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4+dev To: kaih@khms.westfalen.de (Kai Henningsen) Cc: ietf-smtp@imc.org Subject: Re: limiting SPAM In-Reply-To: Your message of "Sat, 22 Nov 2003 23:15:00 +0200." <8yMQCRHXw-B@khms.westfalen.de> From: Valdis.Kletnieks@vt.edu References: <87ekw02oax.fsf@windlord.stanford.edu> <87ekw02oax.fsf@windlord.stanford.edu> <8yMQCRHXw-B@khms.westfalen.de> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-2028415751P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Sat, 22 Nov 2003 19:54:23 -0500 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --==_Exmh_-2028415751P Content-Type: text/plain; charset=us-ascii On Sat, 22 Nov 2003 23:15:00 +0200, kaih@khms.westfalen.de (Kai Henningsen) said: > What's more, a Bayesian filter is able to do more sorting than just spam/ > no spam. That may well come in useful, too. > > Personally, I think we should investigate having those filters available > as a general tool, not just an anti-spam filter. > > Here's an idea: say you are in an IMAP environment. Automatically train a > filter for every IMAP folder a user has, and use that to propose filing > for new messages. (You probably do want the user to confirm or override > your choice, unless he explicitely sets it as automatic.) Been there, done that. Jason Rennie from CMU was doing something along those lines with 'ifile' back in the 96/97 time frame, with the intent of having it learn which folders mail belonged - he was hoping for results like "private reply from somebody you never heard from to a posting you made to ietf-smtp would get filed in your ietf-smtp folder". It was several years later when people realized that "all spam" was a useful thing to train a filter to recognize. --==_Exmh_-2028415751P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQE/wAU/cC3lWbTT17ARAiqGAJ4isxvx/boBEwa+2bBFUbCwFZRwLwCfRj2h AdKGkUPxSWZfwkekaukON38= =dZB/ -----END PGP SIGNATURE----- --==_Exmh_-2028415751P-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAN1NfkT025376 for ; Sat, 22 Nov 2003 17:23:41 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAN1NfNT025375 for ietf-smtp-bks; Sat, 22 Nov 2003 17:23:41 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from nic.funet.fi (nic.funet.fi [193.166.3.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAN1NdkT025370 for ; Sat, 22 Nov 2003 17:23:40 -0800 (PST) (envelope-from mea+ietf-smtp@nic.funet.fi) Received: (mea@nic.funet.fi) by nic.funet.fi id S3440AbTKWBXj (ORCPT ); Sun, 23 Nov 2003 03:23:39 +0200 Date: Sun, 23 Nov 2003 03:23:39 +0200 From: Matti Aarnio To: Russ Allbery Cc: ietf-smtp@imc.org Subject: Re: limiting SPAM Message-ID: <20031123032339.S4811@nic.funet.fi> References: <87ekw02oax.fsf@windlord.stanford.edu> <87ekw02oax.fsf@windlord.stanford.edu> <8yMQCRHXw-B@khms.westfalen.de> <87k75srlwf.fsf@windlord.stanford.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit In-Reply-To: <87k75srlwf.fsf@windlord.stanford.edu>; from rra@Stanford.edu on Sat, Nov 22, 2003 at 04:03:44PM -0800 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: On Sat, Nov 22, 2003 at 04:03:44PM -0800, Russ Allbery wrote: > Kai Henningsen writes: > > > Personally, I think we should investigate having those filters available > > as a general tool, not just an anti-spam filter. > > An interesting question would be "how do I determine if a given DSN is for > mail that I've personally sent?" An MUA that can answer that question and > filter out DSNs that aren't for mail that I've sent would be very useful, > although in some cases it's necessary to reject the mail at the SMTP level > due to the sheer level of traffic when widespread forgery is happening. In ESMTP framework (DSN to be exact), we have this ENVID= thingie. Having a database of sent ENVIDs makes it simple to weed out forgeries. Having limited lifetime (up to a month or two) would limit even replay- forgeries. Of course when an ENVID contained message is sent to a system without DSN support, you get (or don't get, depending on NOTIFY= parameter) info about such relaying, and you won't get DSNs with ENVIDs thereafter. > -- > Russ Allbery (rra@stanford.edu) -- /Matti Aarnio Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAN03jkT023189 for ; Sat, 22 Nov 2003 16:03:45 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAN03jx4023188 for ietf-smtp-bks; Sat, 22 Nov 2003 16:03:45 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from smtp3.Stanford.EDU (smtp3.Stanford.EDU [171.67.16.117]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAN03ikT023182 for ; Sat, 22 Nov 2003 16:03:44 -0800 (PST) (envelope-from rra@stanford.edu) Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.64.19.147]) by smtp3.Stanford.EDU (8.12.10/8.12.10) with SMTP id hAN03i9n026178 for ; Sat, 22 Nov 2003 16:03:45 -0800 Received: (qmail 22964 invoked by uid 1000); 23 Nov 2003 00:03:44 -0000 To: ietf-smtp@imc.org Subject: Re: limiting SPAM In-Reply-To: <8yMQCRHXw-B@khms.westfalen.de> (Kai Henningsen's message of "22 Nov 2003 23:15:00 +0200") References: <87ekw02oax.fsf@windlord.stanford.edu> <87ekw02oax.fsf@windlord.stanford.edu> <8yMQCRHXw-B@khms.westfalen.de> From: Russ Allbery Organization: The Eyrie Date: Sat, 22 Nov 2003 16:03:44 -0800 Message-ID: <87k75srlwf.fsf@windlord.stanford.edu> User-Agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Common Lisp, linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Kai Henningsen writes: > Personally, I think we should investigate having those filters available > as a general tool, not just an anti-spam filter. An interesting question would be "how do I determine if a given DSN is for mail that I've personally sent?" An MUA that can answer that question and filter out DSNs that aren't for mail that I've sent would be very useful, although in some cases it's necessary to reject the mail at the SMTP level due to the sheer level of traffic when widespread forgery is happening. -- Russ Allbery (rra@stanford.edu) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMNbqkT022078 for ; Sat, 22 Nov 2003 15:37:52 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAMNbqnA022077 for ietf-smtp-bks; Sat, 22 Nov 2003 15:37:52 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from khms.westfalen.de (khms.westfalen.de [62.153.201.243]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMNbokT022065 for ; Sat, 22 Nov 2003 15:37:50 -0800 (PST) (envelope-from kaih@khms.westfalen.de) Received: from root (helo=khms.westfalen.de) by khms.westfalen.de with local-bsmtp (Exim 4.22) id 1ANhJp-0002gX-RL for ietf-smtp@imc.org; Sun, 23 Nov 2003 00:37:37 +0100 Received: by khms.westfalen.de (CrossPoint v3.12d.kh12 R/C435); 22 Nov 2003 23:15:38 +0200 Date: 22 Nov 2003 23:15:00 +0200 From: kaih@khms.westfalen.de (Kai Henningsen) To: ietf-smtp@imc.org Message-ID: <8yMQCRHXw-B@khms.westfalen.de> References: <87ekw02oax.fsf@windlord.stanford.edu> Subject: Re: limiting SPAM X-Mailer: CrossPoint v3.12d.kh12 R/C435 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Organization: Organisation? Me?! Are you kidding? References: <87ekw02oax.fsf@windlord.stanford.edu> X-No-Junk-Mail: I do not want to get *any* junk mail. Comment: Unsolicited commercial mail will incur an US$100 handling fee per received mail. X-Fix-Your-Modem: +++ATS2=255&WO1 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: rra@Stanford.edu (Russ Allbery) wrote on 22.11.03 in <87ekw02oax.fsf@windlord.stanford.edu>: > Matti Aarnio writes: > > On Sat, Nov 22, 2003 at 10:31:54AM -0500, Richard O. Hammer wrote: > > >> Is there something which prevents spammers from sending their messages > >> with a null reverse path in the envelope? In other words, with > >> MAIL FROM: <> > >> in the SMTP exchange? > >> > >> As I am developing a MTA in which I hope to limit spam by filtering on > >> the reverse path, it looks to me like this opening intended for error > >> messages might be a big hole in my security. > > > We have been traveling for years thru that path. It helps NOTHING. > > Moreover, it prevents legitimate error messages from making through > > to your users, which is getting to be rather serious pain in itself. > > I hate to break this to you, but it helps a lot. Not so much with spam, > but with bounces from forged messages, idiotic virus notifications, and > other sorts of nonsense. Whether or not that's worth the protocol > breakage is, of course, a different question. It would seem to me that a little work with, say, a Bayesian filter would fairly easily distinguish between legitimate and illegitimate empty-path mails, and get most right. And it would also work for the non-empty-path case, too. It seems to me that mechanisms like that are vastly more productive than breaking the protocol. What's more, a Bayesian filter is able to do more sorting than just spam/ no spam. That may well come in useful, too. Personally, I think we should investigate having those filters available as a general tool, not just an anti-spam filter. Here's an idea: say you are in an IMAP environment. Automatically train a filter for every IMAP folder a user has, and use that to propose filing for new messages. (You probably do want the user to confirm or override your choice, unless he explicitely sets it as automatic.) MfG Kai Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMMqYkT020561 for ; Sat, 22 Nov 2003 14:52:34 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAMMqX1K020560 for ietf-smtp-bks; Sat, 22 Nov 2003 14:52:34 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMMqWkT020554 for ; Sat, 22 Nov 2003 14:52:32 -0800 (PST) (envelope-from john+smtp@jck.com) Received: from [209.187.148.215] (helo=scan.jck.com) by bs.jck.com with esmtp (Exim 4.10) id 1ANgcE-000JHc-00; Sat, 22 Nov 2003 17:52:34 -0500 Date: Sat, 22 Nov 2003 17:52:34 -0500 From: John C Klensin To: "Richard O. Hammer" , ietf-smtp@imc.org Subject: Re: limiting SPAM Message-ID: <31369396.1069523554@scan.jck.com> In-Reply-To: <3FBFDA7C.7030005@EarthLink.net> References: <3FBF816A.7040606@EarthLink.net> <200311221627.hAMGR37a022800@turing-police.cc.vt.edu> <3FBFDA7C.7030005@EarthLink.net> X-Mailer: Mulberry/3.1.0 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --On Saturday, 22 November, 2003 16:51 -0500 "Richard O. Hammer" wrote: > >> On Sat, 22 Nov 2003 10:31:54 EST, "Richard O. Hammer" >> said: >>> Is there something which prevents spammers from sending >>> their messages with a null reverse path in the envelope? >>> In other words, with MAIL FROM: <> >>> in the SMTP exchange? > > Thanks to the three who have posted responses to my question. > By reading between the lines I am guessing that there is > indeed nothing, in SMTP or other protocols or standard > infrastructure, to keep spammers from sending their messages > with a null reverse path in the envelope. The defenses > against this kind of abuse are ad hoc, possibly in violation > of an RFC, and continuously being developed and tested by any > who can conceive of ways to deal with it. Is it accurate for > me to surmise that? Yes. More generally, there is nothing that prevents anyone, spammers included, from setting the envelope return path to anything they like. The difficulty with rejecting a message with a null return path (for that reason alone) is that it puts the recipient out of compliance and risks missing important error messages and notifications (including, but not limited to, bounces). > Thank you, > Rich Hammer > 111 W. Corbin St., > Hillsborough, N.C. > mailscreen.net > > (Notice, if you will, an oddity. I have a name and a physical > address. If you feel that I have wronged you, you can come > find me.) And, if you were a spammer, you could supply bogus versions of both, and, if they were required (by law or spam-checking software), almost certainly would. john Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMLq2kT017799 for ; Sat, 22 Nov 2003 13:52:02 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAMLq2HH017798 for ietf-smtp-bks; Sat, 22 Nov 2003 13:52:02 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from mailscreen.net (user39.net256.nc.sprint-hsd.net [208.17.64.39]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMLpxkT017788 for ; Sat, 22 Nov 2003 13:52:00 -0800 (PST) (envelope-from ROHammer@EarthLink.net) Received: FROM 127.0.0.1 ([127.0.0.1]) BY mailscreen.net FOR ; Sat, 22 Nov 2003 16:51:56 -0500 (EST) Message-ID: <3FBFDA7C.7030005@EarthLink.net> Date: Sat, 22 Nov 2003 16:51:56 -0500 From: "Richard O. Hammer" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-smtp@imc.org Subject: Re: limiting SPAM References: <3FBF816A.7040606@EarthLink.net> <200311221627.hAMGR37a022800@turing-police.cc.vt.edu> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: > On Sat, 22 Nov 2003 10:31:54 EST, "Richard O. Hammer" said: >>Is there something which prevents spammers from sending their messages >>with a null reverse path in the envelope? In other words, with >>MAIL FROM: <> >>in the SMTP exchange? Thanks to the three who have posted responses to my question. By reading between the lines I am guessing that there is indeed nothing, in SMTP or other protocols or standard infrastructure, to keep spammers from sending their messages with a null reverse path in the envelope. The defenses against this kind of abuse are ad hoc, possibly in violation of an RFC, and continuously being developed and tested by any who can conceive of ways to deal with it. Is it accurate for me to surmise that? Thank you, Rich Hammer 111 W. Corbin St., Hillsborough, N.C. mailscreen.net (Notice, if you will, an oddity. I have a name and a physical address. If you feel that I have wronged you, you can come find me.) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMJbikT012036 for ; Sat, 22 Nov 2003 11:37:44 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAMJbivm012034 for ietf-smtp-bks; Sat, 22 Nov 2003 11:37:44 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from smtp2.Stanford.EDU (smtp2.Stanford.EDU [171.67.16.116]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMJbgkT012026 for ; Sat, 22 Nov 2003 11:37:42 -0800 (PST) (envelope-from rra@stanford.edu) Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.64.19.147]) by smtp2.Stanford.EDU (8.12.10/8.12.10) with SMTP id hAMJbhLZ001565 for ; Sat, 22 Nov 2003 11:37:43 -0800 Received: (qmail 19439 invoked by uid 1000); 22 Nov 2003 19:31:02 -0000 To: ietf-smtp@imc.org Subject: Re: limiting SPAM In-Reply-To: <20031122181043.R4811@nic.funet.fi> (Matti Aarnio's message of "Sat, 22 Nov 2003 18:10:43 +0200") References: <3FBF816A.7040606@EarthLink.net> <20031122181043.R4811@nic.funet.fi> From: Russ Allbery Organization: The Eyrie Date: Sat, 22 Nov 2003 11:31:02 -0800 Message-ID: <87ekw02oax.fsf@windlord.stanford.edu> User-Agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Common Lisp, linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Matti Aarnio writes: > On Sat, Nov 22, 2003 at 10:31:54AM -0500, Richard O. Hammer wrote: >> Is there something which prevents spammers from sending their messages >> with a null reverse path in the envelope? In other words, with >> MAIL FROM: <> >> in the SMTP exchange? >> >> As I am developing a MTA in which I hope to limit spam by filtering on >> the reverse path, it looks to me like this opening intended for error >> messages might be a big hole in my security. > We have been traveling for years thru that path. It helps NOTHING. > Moreover, it prevents legitimate error messages from making through > to your users, which is getting to be rather serious pain in itself. I hate to break this to you, but it helps a lot. Not so much with spam, but with bounces from forged messages, idiotic virus notifications, and other sorts of nonsense. Whether or not that's worth the protocol breakage is, of course, a different question. -- Russ Allbery (rra@stanford.edu) Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMGRBkT004805 for ; Sat, 22 Nov 2003 08:27:11 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAMGRBWp004804 for ietf-smtp-bks; Sat, 22 Nov 2003 08:27:11 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from turing-police.cc.vt.edu (h80ad2678.async.vt.edu [128.173.38.120]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMGR8kT004793 for ; Sat, 22 Nov 2003 08:27:09 -0800 (PST) (envelope-from Valdis.Kletnieks@vt.edu) Received: from turing-police.cc.vt.edu (IDENT:valdis@localhost [127.0.0.1]) by turing-police.cc.vt.edu (8.13.0.PreAlpha4/8.13.0.PreAlpha4) with ESMTP id hAMGR37a022800; Sat, 22 Nov 2003 11:27:03 -0500 Message-Id: <200311221627.hAMGR37a022800@turing-police.cc.vt.edu> X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4+dev To: "Richard O. Hammer" Cc: ietf-smtp@imc.org Subject: Re: limiting SPAM In-Reply-To: Your message of "Sat, 22 Nov 2003 10:31:54 EST." <3FBF816A.7040606@EarthLink.net> From: Valdis.Kletnieks@vt.edu References: <3FBF816A.7040606@EarthLink.net> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_209197554P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Sat, 22 Nov 2003 11:27:02 -0500 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --==_Exmh_209197554P Content-Type: text/plain; charset=us-ascii On Sat, 22 Nov 2003 10:31:54 EST, "Richard O. Hammer" said: > Is there something which prevents spammers from sending their messages > with a null reverse path in the envelope? In other words, with > MAIL FROM: <> > in the SMTP exchange? You do that, and I'll be forced to block mail from your site, and toss your domain at the nice guys at http://www.rfc-ignorant.org. I have better things to do than accept mail from sites that won't accept bounce messages back. You send the mail, it bounces, the bounce goes back with a MAIL FROM:<> as per the RFC, and if you don't accept the bounce, then: a) your user never learns they sent to the wrong address and it bounced. b) the double bounce ends up in *my* inbox and I get irate. Unfortunately, any reasonable counter measures here require you to let things go past the DATA step: 1) Check the body of the mail to see if it's either an RFC3491/3492 style DSN or any of the more common non-RFC format bounces (AOL, qmail, and MS Exchange are some of the biggies here). 2) If it isn't a bounce message but has MAIL FROM:<>, toss it. Note that this *WILL* false-positive on some things (most notably, LSoft's Listserv product sends confirmation requests for subscriptions with <>, specifically so if the remote address is bad, it doesn't get a bounce message it doesn't care about). 3) Note that I've *also* already seen spammers sending their spam inside properly formatted bounces, specifically to work around the loophole you're trying to create. --==_Exmh_209197554P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQE/v45WcC3lWbTT17ARAiY6AKC7RKaFolVeiln6785GpT3Z84nj1ACfRO86 5nzMEdkcXf2a+rSAkDANYQU= =YeuT -----END PGP SIGNATURE----- --==_Exmh_209197554P-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMGAkkT004283 for ; Sat, 22 Nov 2003 08:10:47 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAMGAk0p004282 for ietf-smtp-bks; Sat, 22 Nov 2003 08:10:46 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from nic.funet.fi (nic.funet.fi [193.166.3.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMGAjkT004275 for ; Sat, 22 Nov 2003 08:10:45 -0800 (PST) (envelope-from mea+ietf-smtp@nic.funet.fi) Received: (mea@nic.funet.fi) by nic.funet.fi id S19921AbTKVQKn (ORCPT ); Sat, 22 Nov 2003 18:10:43 +0200 Date: Sat, 22 Nov 2003 18:10:43 +0200 From: Matti Aarnio To: "Richard O. Hammer" Cc: ietf-smtp@imc.org Subject: Re: limiting SPAM Message-ID: <20031122181043.R4811@nic.funet.fi> References: <3FBF816A.7040606@EarthLink.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit In-Reply-To: <3FBF816A.7040606@EarthLink.net>; from ROHammer@EarthLink.net on Sat, Nov 22, 2003 at 10:31:54AM -0500 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: On Sat, Nov 22, 2003 at 10:31:54AM -0500, Richard O. Hammer wrote: > Is there something which prevents spammers from sending their messages > with a null reverse path in the envelope? In other words, with > MAIL FROM: <> > in the SMTP exchange? > > As I am developing a MTA in which I hope to limit spam by filtering on > the reverse path, it looks to me like this opening intended for error > messages might be a big hole in my security. We have been traveling for years thru that path. It helps NOTHING. Moreover, it prevents legitimate error messages from making through to your users, which is getting to be rather serious pain in itself. Faked source addresses are more common in spams than the empty paths, anyway. > Thank you, > Rich Hammer > Hillsborough, N.C. > mailscreen.net -- /Matti Aarnio Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMFW1kT002669 for ; Sat, 22 Nov 2003 07:32:01 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAMFW1fl002668 for ietf-smtp-bks; Sat, 22 Nov 2003 07:32:01 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from mailscreen.net (user39.net256.nc.sprint-hsd.net [208.17.64.39]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAMFVwkT002659 for ; Sat, 22 Nov 2003 07:31:59 -0800 (PST) (envelope-from ROHammer@EarthLink.net) Received: FROM 127.0.0.1 ([127.0.0.1]) BY mailscreen.net FOR ; Sat, 22 Nov 2003 10:31:55 -0500 (EST) Message-ID: <3FBF816A.7040606@EarthLink.net> Date: Sat, 22 Nov 2003 10:31:54 -0500 From: "Richard O. Hammer" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-smtp@imc.org Subject: limiting SPAM Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Is there something which prevents spammers from sending their messages with a null reverse path in the envelope? In other words, with MAIL FROM: <> in the SMTP exchange? As I am developing a MTA in which I hope to limit spam by filtering on the reverse path, it looks to me like this opening intended for error messages might be a big hole in my security. Thank you, Rich Hammer Hillsborough, N.C. mailscreen.net Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAE85hkT055894 for ; Fri, 14 Nov 2003 00:05:43 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAE85hV1055893 for ietf-smtp-bks; Fri, 14 Nov 2003 00:05:43 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAE85ekT055866 for ; Fri, 14 Nov 2003 00:05:40 -0800 (PST) (envelope-from ned+ietf-smtp@mrochek.com) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01L2YP8VLIQ800HOW2@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for ietf-smtp@imc.org; Fri, 14 Nov 2003 00:05:37 -0800 (PST) Date: Fri, 14 Nov 2003 00:02:58 -0800 (PST) From: ned+ietf-smtp@mrochek.com Subject: Re: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) In-reply-to: "Your message dated Fri, 14 Nov 2003 00:39:50 +0100" To: Arnt Gulbrandsen Cc: ned+ietf-smtp@mrochek.com, Randall Gellens , Chris Newman , ietf-smtp@imc.org Message-id: <01L302V0JO7Y00HOW2@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> <01L2ZBDTCO5I00NZA5@mauve.mrochek.com> Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: > ned+ietf-smtp@mrochek.com writes: > > Messing with the syntax is a really bad idea IMO. I understand that > > there is some discomfort in embedding information in tokens like > > this, but it has the feature that it beats the alternatives. > And the feature of production code. > > I might feel differently if I felt this was going to turn into a > > completely open-ended thing. But I see little chance of our adding > > additional orthogonal security facilities to SMTP in the future. What > > you see is all there is. > Sure? Given the incredible difficulty involved in creating and standardizing new facilities of this sort, yes, I'm reasonably sure. > If Submit warrants adding two/four more tokens (see private mail from > Chris), clearly extensions other than security facilities can add > tokens. > I do hope there won't be more of these tokens, but I won't be surprised > if future i-d authors have very fertile imagination. The designers of > RMX, DMP and SPF spring to mind. These are all sender verification schemes, not protocol extensions that make sense to indicate in the protocol name token. Ned Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADNZokT084655 for ; Thu, 13 Nov 2003 15:35:50 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hADNZoWC084654 for ietf-smtp-bks; Thu, 13 Nov 2003 15:35:50 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from melkebalanse.gulbrandsen.priv.no (melkebalanse.gulbrandsen.priv.no [217.19.171.131]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADNZjkT084627 for ; Thu, 13 Nov 2003 15:35:50 -0800 (PST) (envelope-from arnt@gulbrandsen.priv.no) Message-Id: From: Arnt Gulbrandsen To: ned+ietf-smtp@mrochek.com Subject: Re: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) Cc: Randall Gellens , Chris Newman , ietf-smtp@imc.org References: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> <01L2ZBDTCO5I00NZA5@mauve.mrochek.com> In-Reply-To: <01L2ZBDTCO5I00NZA5@mauve.mrochek.com> Content-Type: text/plain; format=flowed MIME-Version: 1.0 Date: Fri, 14 Nov 2003 00:39:50 +0100 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: ned+ietf-smtp@mrochek.com writes: > Messing with the syntax is a really bad idea IMO. I understand that > there is some discomfort in embedding information in tokens like > this, but it has the feature that it beats the alternatives. And the feature of production code. > I might feel differently if I felt this was going to turn into a > completely open-ended thing. But I see little chance of our adding > additional orthogonal security facilities to SMTP in the future. What > you see is all there is. Sure? If Submit warrants adding two/four more tokens (see private mail from Chris), clearly extensions other than security facilities can add tokens. I do hope there won't be more of these tokens, but I won't be surprised if future i-d authors have very fertile imagination. The designers of RMX, DMP and SPF spring to mind. --Arnt Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADKjFkT077292 for ; Thu, 13 Nov 2003 12:45:15 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hADKjF6g077291 for ietf-smtp-bks; Thu, 13 Nov 2003 12:45:15 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from ithilien.qualcomm.com (ithilien.qualcomm.com [129.46.51.59]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADKjDkT077286 for ; Thu, 13 Nov 2003 12:45:14 -0800 (PST) (envelope-from randy@qualcomm.com) Received: from crowley.qualcomm.com (crowley.qualcomm.com [129.46.61.151]) by ithilien.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id hADKjD4t000384; Thu, 13 Nov 2003 12:45:13 -0800 (PST) Received: from [130.129.134.206] (vpn-10-50-0-62.qualcomm.com [10.50.0.62]) by crowley.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id hADKj8hk017536; Thu, 13 Nov 2003 12:45:10 -0800 (PST) Mime-Version: 1.0 Message-Id: In-Reply-To: <01L2ZBDTCO5I00NZA5@mauve.mrochek.com> References: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> <01L2ZBDTCO5I00NZA5@mauve.mrochek.com> X-Mailer: Eudora for Mac OS X v6.1a Date: Thu, 13 Nov 2003 12:38:52 -0800 To: ned.freed@mrochek.com, Randall Gellens From: Randall Gellens Subject: Re: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) Cc: Chris Newman , ietf-smtp@imc.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Random-Sig-Tag: 1.0b26 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: At 10:56 AM -0800 11/13/03, ned.freed@mrochek.com wrote: > Messing with the syntax is a really bad idea IMO. I understand that there > is some discomfort in embedding information in tokens like this, but > it has the feature that it beats the alternatives. > > I might feel differently if I felt this was going to turn into a completely > open-ended thing. But I see little chance of our adding additional > orthogonal security facilities to SMTP in the future. What you see is all > there is. That's really the key: are there going to be more in the future? I can't see any, but who knows? Probably the right answer is to add SMTPAUTH and STARTTLS as in Chris' draft, and if at some point in the future we need to add a new orthogonal one, make a syntax change then. -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly-selected tag: --------------- Good news. Ten weeks from Friday will be a pretty good day. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADIx4kT072231 for ; Thu, 13 Nov 2003 10:59:04 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hADIx4q0072230 for ietf-smtp-bks; Thu, 13 Nov 2003 10:59:04 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from mauve.mrochek.com (mauve.mrochek.com [209.55.107.55]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADIx2kT072223 for ; Thu, 13 Nov 2003 10:59:03 -0800 (PST) (envelope-from ned+ietf-smtp@mrochek.com) Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01L2Z7FTPVNK00NZA5@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for ietf-smtp@imc.org; Thu, 13 Nov 2003 10:59:02 -0800 (PST) Date: Thu, 13 Nov 2003 10:56:07 -0800 (PST) From: ned+ietf-smtp@mrochek.com Subject: Re: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) In-reply-to: "Your message dated Thu, 13 Nov 2003 07:33:53 -0800" To: Randall Gellens Cc: Chris Newman , ietf-smtp@imc.org Message-id: <01L2ZBDTCO5I00NZA5@mauve.mrochek.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: > I wonder if ESMTPA, ESMTPS, and ESMTPSA (and the same for LMTP) is > the best way to go; I know we're restricted to an ATOM in 2821, but > perhaps this could be relaxed either by allowing additional ATOMs for > WITH or by adding a new OPT-INFO clause such as USING; either way we > could indicate SMTPAUTH and STARTTLS using separate flags to make > combining them easier (especially if something new comes along). Messing with the syntax is a really bad idea IMO. I understand that there is some discomfort in embedding information in tokens like this, but it has the feature that it beats the alternatives. I might feel differently if I felt this was going to turn into a completely open-ended thing. But I see little chance of our adding additional orthogonal security facilities to SMTP in the future. What you see is all there is. Ned Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADFZUkT062795 for ; Thu, 13 Nov 2003 07:35:30 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hADFZUn1062794 for ietf-smtp-bks; Thu, 13 Nov 2003 07:35:30 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from numenor.qualcomm.com (numenor.qualcomm.com [129.46.51.58]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADFZTkT062788 for ; Thu, 13 Nov 2003 07:35:29 -0800 (PST) (envelope-from randy@qualcomm.com) Received: from magus.qualcomm.com (magus.qualcomm.com [129.46.61.148]) by numenor.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id hADFZSVY018909 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 13 Nov 2003 07:35:28 -0800 (PST) Received: from [130.129.134.206] (vpn-10-50-0-26.qualcomm.com [10.50.0.26]) by magus.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id hADFZOFB025559; Thu, 13 Nov 2003 07:35:25 -0800 (PST) Mime-Version: 1.0 Message-Id: In-Reply-To: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> References: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> X-Mailer: Eudora for Mac OS X v6.1a Date: Thu, 13 Nov 2003 07:33:53 -0800 To: Chris Newman , ietf-smtp@imc.org From: Randall Gellens Subject: Re: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Random-Sig-Tag: 1.0b26 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: I wonder if ESMTPA, ESMTPS, and ESMTPSA (and the same for LMTP) is the best way to go; I know we're restricted to an ATOM in 2821, but perhaps this could be relaxed either by allowing additional ATOMs for WITH or by adding a new OPT-INFO clause such as USING; either way we could indicate SMTPAUTH and STARTTLS using separate flags to make combining them easier (especially if something new comes along). -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly-selected tag: --------------- I've been good, and I've been bad, but common sense I never had. --New Order, "Shellshock" Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hABKUJkT019902 for ; Tue, 11 Nov 2003 12:30:19 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hABKUJ02019901 for ietf-smtp-bks; Tue, 11 Nov 2003 12:30:19 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from turing-police.cc.vt.edu (h80ad279a.async.vt.edu [128.173.39.154]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hABKUGkT019891 for ; Tue, 11 Nov 2003 12:30:17 -0800 (PST) (envelope-from Valdis.Kletnieks@vt.edu) Received: from turing-police.cc.vt.edu (IDENT:valdis@localhost [127.0.0.1]) by turing-police.cc.vt.edu (8.13.0.PreAlpha4/8.13.0.PreAlpha4) with ESMTP id hABKUBA8032403; Tue, 11 Nov 2003 15:30:11 -0500 Message-Id: <200311112030.hABKUBA8032403@turing-police.cc.vt.edu> X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4+dev To: "B. Johannessen" Cc: ietf-smtp@imc.org Subject: Re: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) In-Reply-To: Your message of "Tue, 11 Nov 2003 19:52:48 GMT." <1068580367.4447.108.camel@babe.h.db.org> From: Valdis.Kletnieks@vt.edu References: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> <200311101700.hAAH0Fwi003503@turing-police.cc.vt.edu> <1068580367.4447.108.camel@babe.h.db.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1781307577P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 11 Nov 2003 15:30:11 -0500 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --==_Exmh_1781307577P Content-Type: text/plain; charset=us-ascii On Tue, 11 Nov 2003 19:52:48 GMT, "B. Johannessen" said: > I've suggested recommending the use of the new transmission type names > for updated products that *already* uses the mechanisms covered by the > draft. Something like "New and updated implementations SHOULD use the > new transmission type names when accepting mail via one of the described > transmission methods". > > I don't think anyone is suggestion *this* draft is a proper place to > recommend the use of TLS and friends. Nevermind :) I misread Chris Newman's comments that way, I conglomerated "transmission types" and "labels for transmission types".... --==_Exmh_1781307577P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQE/sUbTcC3lWbTT17ARAtvpAKDdh5uvjQ/UMU6wLgA/oGdduX25YACgyGfW s3l1/jlD2yiknJYPGn+3DZE= =qwAo -----END PGP SIGNATURE----- --==_Exmh_1781307577P-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hABJqOkT018126 for ; Tue, 11 Nov 2003 11:52:24 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hABJqObx018125 for ietf-smtp-bks; Tue, 11 Nov 2003 11:52:24 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from mail.db.org (jeckyll.uw.no [195.159.29.203]) by above.proper.com (8.12.10/8.12.8) with SMTP id hABJqMkT018110 for ; Tue, 11 Nov 2003 11:52:23 -0800 (PST) (envelope-from bob@db.org) Received: (qmail 378 invoked from network); 11 Nov 2003 19:52:13 -0000 Received: from ti122110a080-0701.bb.online.no (HELO babe.h.db.org) (bob@80.213.194.189) by mail.db.org with SMTP; 11 Nov 2003 19:52:13 -0000 Subject: Re: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) From: "B. Johannessen" To: ietf-smtp@imc.org In-Reply-To: <200311101700.hAAH0Fwi003503@turing-police.cc.vt.edu> References: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> <200311101700.hAAH0Fwi003503@turing-police.cc.vt.edu> Content-Type: text/plain Organization: http://db.org/ Message-Id: <1068580367.4447.108.camel@babe.h.db.org> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Tue, 11 Nov 2003 19:52:48 +0000 Content-Transfer-Encoding: 7bit Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: On Mon, 2003-11-10 at 17:00, Valdis.Kletnieks@vt.edu wrote: > On Mon, 10 Nov 2003 10:08:15 CST, Chris Newman said: > > One suggestion I've had through private mail is to add explicit text > > recommending the use of these transmission types in new email software. > > Now *this* is a can of worms. ;) I've suggested recommending the use of the new transmission type names for updated products that *already* uses the mechanisms covered by the draft. Something like "New and updated implementations SHOULD use the new transmission type names when accepting mail via one of the described transmission methods". I don't think anyone is suggestion *this* draft is a proper place to recommend the use of TLS and friends. Bob -- --=[ B. Johannessen | bob@db.org | http://db.org/ | +4797152009 ]=-- ----=[ uptime: 1 day, 21:25 | load: 0.03 | inbox: 0 messages ]=----- ---------------=[xmms: Manau - Le Chant des Druides]=--------------- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAAH0IkT081881 for ; Mon, 10 Nov 2003 09:00:18 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAAH0Ixn081880 for ietf-smtp-bks; Mon, 10 Nov 2003 09:00:18 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from turing-police.cc.vt.edu (turing-police.cc.vt.edu [128.173.14.107]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAAH0HkT081872 for ; Mon, 10 Nov 2003 09:00:17 -0800 (PST) (envelope-from Valdis.Kletnieks@vt.edu) Received: from turing-police.cc.vt.edu (IDENT:valdis@localhost [127.0.0.1]) by turing-police.cc.vt.edu (8.13.0.PreAlpha4/8.13.0.PreAlpha4) with ESMTP id hAAH0Fwi003503; Mon, 10 Nov 2003 12:00:15 -0500 Message-Id: <200311101700.hAAH0Fwi003503@turing-police.cc.vt.edu> X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4+dev To: Chris Newman Cc: ietf-smtp@imc.org Subject: Re: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) In-Reply-To: Your message of "Mon, 10 Nov 2003 10:08:15 CST." <2147483647.1068458895@dyn130-205.ietf58.ietf.org> From: Valdis.Kletnieks@vt.edu References: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-1609247035P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Mon, 10 Nov 2003 12:00:15 -0500 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --==_Exmh_-1609247035P Content-Type: text/plain; charset=us-ascii On Mon, 10 Nov 2003 10:08:15 CST, Chris Newman said: > > I wanted to bring this last call to the attention of this list to make sure we > have rough consensus. The draft as it stands looks OK to me, as it only adds registry values to document existing practice. > One suggestion I've had through private mail is to add explicit text > recommending the use of these transmission types in new email software. Now *this* is a can of worms. ;) Yes, I think the world would be a better place if we all did this, but there's operational concerns. The biggest that I'm familiar with (since I've been bit by it several times) is that STARTTLS usually requires a certificate in order to get itself launched (yes, I know there's a few modes like Diffie Hellman that don't require a cert, but they have problematic support out in the real world). The quick and easy solution is to simply crank out a self-signed cert. The problem is that at least one widely used MUA chokes and throws up a confusing "unknown cert" box to the user if they try to post to a mail server that's doing that. Now mind you, I think in most cases the added security benefit of a actual CA-signed cert is minimal (Hint - when was the last time you went and clicked on the little padlock icon in your browser and verified the site you were talking to really was the right site?), so I'm more interested in the effects widespread crypto has on traffic analysis (it's no secret that I trust my current government less than I trust the terrorists out there). On the other hand, we *do* need to be aware of the operational implications - the effect on already-distributed broken MUA's was one of the primary reasons why Sendmail 8.12 didn't include this as a default. --==_Exmh_-1609247035P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQE/r8QfcC3lWbTT17ARAo0eAJ9uvUCSHNQ15B4rtZoXm1Vzn7KXpwCbBXYA Btdqd/OtFIXvDdLHnoJHEUk= =RAwk -----END PGP SIGNATURE----- --==_Exmh_-1609247035P-- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAAG8FkT079660 for ; Mon, 10 Nov 2003 08:08:15 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAAG8FxU079659 for ietf-smtp-bks; Mon, 10 Nov 2003 08:08:15 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from brmea-mail-2.sun.com (brmea-mail-2.Sun.COM [192.18.98.43]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAAG8EkT079654 for ; Mon, 10 Nov 2003 08:08:15 -0800 (PST) (envelope-from Chris.Newman@Sun.COM) Received: from esunmail ([129.147.156.34]) by brmea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id hAAG8FPh010273 for ; Mon, 10 Nov 2003 09:08:15 -0700 (MST) Received: from xpa-fe1 (esunmail [129.147.156.34]) by edgemail1.Central.Sun.COM (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HO5007698TRM4@edgemail1.Central.Sun.COM> for ietf-smtp@imc.org; Mon, 10 Nov 2003 09:08:15 -0700 (MST) Received: from dyn130-205.ietf58.ietf.org ([130.129.130.205]) by mail.sun.net (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTPSA id <0HO500JTZ8TOR9@mail.sun.net> for ietf-smtp@imc.org; Mon, 10 Nov 2003 09:08:15 -0700 (MST) Date: Mon, 10 Nov 2003 10:08:15 -0600 From: Chris Newman Subject: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard (fwd) To: ietf-smtp@imc.org Message-id: <2147483647.1068458895@dyn130-205.ietf58.ietf.org> MIME-version: 1.0 X-Mailer: Mulberry/3.1.0b9 (Mac OS X) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: I wanted to bring this last call to the attention of this list to make sure we have rough consensus. One suggestion I've had through private mail is to add explicit text recommending the use of these transmission types in new email software. - Chris ---------- Forwarded Message ---------- Date: Thursday, November 6, 2003 16:16 -0500 From: The IESG To: IETF-Announce Subject: Last Call: 'ESMTP and LMTP Transmission Types Registration' to Proposed Standard The IESG has received a request from an individual submitter to consider the following document: - 'ESMTP and LMTP Transmission Types Registration ' as a Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send any comments to the iesg@ietf.org or ietf@ietf.org mailing lists by 2003-12-04. The file can be obtained via http://www.ietf.org/internet-drafts/draft-newman-esmtpsa-01.txt ---------- End Forwarded Message ---------- Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAA4SqkT052184 for ; Sun, 9 Nov 2003 20:28:52 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAA4SqSb052183 for ietf-smtp-bks; Sun, 9 Nov 2003 20:28:52 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from numenor.qualcomm.com (numenor.qualcomm.com [129.46.51.58]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAA4SkkT052178 for ; Sun, 9 Nov 2003 20:28:46 -0800 (PST) (envelope-from randy@qualcomm.com) Received: from sabrina.qualcomm.com (sabrina.qualcomm.com [129.46.61.150]) by numenor.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id hAA4SlVY010945 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 9 Nov 2003 20:28:47 -0800 (PST) Received: from [12.162.212.214] (vpn-10-50-0-11.qualcomm.com [10.50.0.11]) by sabrina.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id hAA4Sb0O006972; Sun, 9 Nov 2003 20:28:43 -0800 (PST) Mime-Version: 1.0 Message-Id: In-Reply-To: <20031027201245.H21101@nic.funet.fi> References: <001701c39cb1$02d53ee0$3ce62a0f@nt23060> <20031027201245.H21101@nic.funet.fi> X-Mailer: Eudora for Mac OS X v6.1a Date: Sun, 9 Nov 2003 20:26:01 -0800 To: Matti Aarnio , Madan Ganesh Velayudham From: Randall Gellens Subject: Re: Deliver-qmails-ondemand Cc: ietf-smtp@imc.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Random-Sig-Tag: 1.0b26 Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: At 8:12 PM +0200 10/27/03, Matti Aarnio wrote: > > Please share your comments on the attached draft. > > First and foremost, how does this differ from ETRN as is > defined in RFC 1985 ? Plus ATRN in RFC 2645, but in this case ETRN is probably the more appropriate command. -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly-selected tag: --------------- The attention span of a computer is only as long as its electrical cord. Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hA80W3kT059103 for ; Fri, 7 Nov 2003 16:32:03 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hA80W39T059102 for ietf-smtp-bks; Fri, 7 Nov 2003 16:32:03 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hA80W2kT059097 for ; Fri, 7 Nov 2003 16:32:02 -0800 (PST) (envelope-from klensin@jck.com) Received: from bs.jck.com ([209.187.148.211] helo=localhost.jck.com) by bs.jck.com with esmtp (Exim 4.10) id 1AIH1I-0004Ev-00; Fri, 07 Nov 2003 19:32:04 -0500 Date: Fri, 07 Nov 2003 19:32:02 -0500 From: John C Klensin To: "Richard O. Hammer" , ietf-smtp@imc.org Subject: Re: limit on length of email address? Message-ID: <1160559.1068233522@localhost.jck.com> In-Reply-To: <3FAC3441.4000802@EarthLink.net> References: <3FAC3441.4000802@EarthLink.net> X-Mailer: Mulberry/3.1.0b9 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: RFC 2821 imposes minimums on the number of characters an SMTP system must support in the local-part and the Domain. For most purposes, those numbers are the maximums you are looking for. john --On Friday, November 07, 2003 19:09 -0500 "Richard O. Hammer" wrote: > > In RFC 2821 4.1.2, I see > Mailbox = Local-part "@" Domain > > Is there a limit somewhere on the length of Mailbox, > Local-part, and/or Domain? > > Thank you, > Rich Hammer > Hillsborough, N.C. > Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hA809kkT058154 for ; Fri, 7 Nov 2003 16:09:46 -0800 (PST) (envelope-from owner-ietf-smtp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hA809kfb058153 for ietf-smtp-bks; Fri, 7 Nov 2003 16:09:46 -0800 (PST) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f Received: from mailscreen.net (user7.net405.nc.sprint-hsd.net [65.40.90.7]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hA809hkT058145 for ; Fri, 7 Nov 2003 16:09:44 -0800 (PST) (envelope-from ROHammer@EarthLink.net) Received: FROM 127.0.0.1 ([127.0.0.1]) BY mailscreen.net FOR ; Fri, 7 Nov 2003 19:09:39 -0500 (EST) Message-ID: <3FAC3441.4000802@EarthLink.net> Date: Fri, 07 Nov 2003 19:09:37 -0500 From: "Richard O. Hammer" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-smtp@imc.org Subject: limit on length of email address? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-smtp@mail.imc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: In RFC 2821 4.1.2, I see Mailbox = Local-part "@" Domain Is there a limit somewhere on the length of Mailbox, Local-part, and/or Domain? Thank you, Rich Hammer Hillsborough, N.C.