On Wed, 07 May 1997 16:14:03 -0400 Brad Knowles <[log in to unmask]> said: >> All you have to do then is ignore the source route, which is allowed >> by RFC1123. I cannot think of any reason why ignoring the source route >> would not address your concerns. > > See my previous response. I don't feel I have anything more to say >on that subject than I've already said. I must be dumb then, because I don't see anything in your previous message which explains why you can't just ignore the source route per RFC1123. What I did read your previous message is that honouring the source route creates a problem for you because spammers have used it to request that bounces be sent through a system whose SMTP port is always down, which I imagine would create quite a big queue for you. Obviously if you ignore the source route this no longer happens. Equally obviously, spammers can use a MAIL FROM: address pointing to a cisco but without a source route, or they can use the percent-hack. This looks like a non-solution with the side effect of discarding legitimate mail. Where I come from, this is called a Bad Thing. > Source routes in the domain portion are inherently evil beyond >reproach, and there's nothing you can do to convince me that they should >not be rejected out of hand. Any system that actively propagates this >kind of behaviour is likewise inherently evil. Any system that passively >allows this kind of behaviour needs to be fixed. Well Brad, just don't get all surprised the next time the usual AOL bashing gang flames you :-) They are usually wrong, but this time they will be right. > However, this is a particular behaviour that has been deprecated for >at least six years (RFC 1123, section 5.2.6, as clearly pointed out by >Valdis), and it's time that it went completely away. Fine, but the part I don't really understand here is why AOL's customers should suffer because of Brad Knowles' personal crusade against source routes. Until I hear a TECHNICAL explanation for why AOL cannot comply with RFC1123 and throw away the source route part, I will remain of the technical opinion that AOL customers have nothing to gain and everything to lose from this decision. I am perfectly willing to admit that I was wrong if I hear a compelling technical argument, but right now all I've heard is that it would threaten AOL's operations for reasons that have already been stated, except I just can't seem to find or understand these reasons. Come to think about it, you can actually prove the opposite. If it is possible to severely impact AOL by sending a spam message with MAIL FROM:<@xxx:yyy> that AOL would internally convert to MAIL FROM:<yyy>, then obviously it is possible to severely impact AOL by sending the same spam message but with MAIL FROM:<yyy>, which AOL does accept. Yes? > Whatever the L-Soft system is that can potentially generate >source-routed envelope addresses, I would like to make sure that current >and future versions have that feature default to "off" (which appears to >already be the case, given your other comments). Yes, this has been the case for years. I doubt more than a handful of sites still have the old settings. > There is nothing in any law that requires me (or my company) to pay >to accept messages that are in a format (and/or quantity) such that they >threaten the very existance of my property (or the property of my >company). Well, if the one sender, 2-3 legitimate recipient messages in question threaten the very existence of your property, I think you need to upgrade to less vulnerable property :-) Anyway, sure, I'm happy to concede that you have the legal right to throw away any and all mail addressed to AOL, just as Compuserve's marketing department has the legal right to organize a party to rejoice over the opportunities that you have opened for them today. This discussion is clearly not going anywhere and unless it gets more technical quickly I suggest we all go home and forget about it. Eric