On Thu, 08 May 1997 14:44:32 EDT, Brad Knowles said: > The concept presented in section 7.5 of > draft-ietf-drums-smtpupd-04.txt is older than the Internet itself. > It's been around as long as personal and group property laws have been > in existance. > > Specifically, it's based on the "trespass against chattels" > issue, which has been the basis of a number of legal cases against > junkmailers. If you can find a citation that says that it's legal for an entity to refuse payment for a debt merely because the person uses twenty dollar bills to do so, and you will only accept one, five, and fifty dollar bills (modulo rulings regarding paying in pennies, etc), I'll be more willing to listen. Currently, source routes are in the same category as $2 US bills - you don't see them often, but they're still legal tender. > In this specific case, I regret that a small number of legitimate > mail messages will be caught by this measure we've taken to protect > the AOL mail system, but when you do the cost/benefits analysis of > the value of those few messages to the value of the entire AOL mail > system (and the value of that system to our eight million users), > you'll see that we simply had no choice. Tell you what Brad - if you explain to me in technical terms *why* you had no choice (specifically, why it was *NOT* an option to accept and then discard the source route, as is permitted by RFC1123), I'll be more than happy to shut up. Please note that most of the complaints of bounced mail I've seen were of the form MAIL FROM:<@host1:user@host2>, where either host1 and host2 were identical literals (so it is perfectly safe to just discard the @host1: part), or host1 and host2 were in the same domain, and host1 was a mail gateway for host2. In this case, discarding the @host1: is probably safe as well, as either host2 will accept mail or the MX entry for it will point back to host1 anyhow. Perhaps a more reasonable policy would be to reject source-routed mail only if a comparison of host1 and host2 indicates a probable spamming attempt through a relay (for instance, if they do not match to at least a second level domain.name). That would be, to me, a policy based rejection, not a rejection based merely on use of valid syntax. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech