Your message dated: Wed, 07 May 1997 19:54:40 +0200
> All you have to do then is ignore the source route, which is allowed by
> RFC1123. I cannot think of any reason why ignoring the source route would
> not address your concerns.
See my previous response. I don't feel I have anything more
to say on that subject than I've already said.
> Incidentally, if a spammer doesn't want to
> deal with bounces, there is MAIL FROM:<>... Or did AOL also start
> rejecting such messages? This would make AOL useless for managing a
> mailing list, among other things.
We continue to be compliant with RFC 1123, section 5.2.9.
That will not change.
In fact, I recently pointed out the necessity to comply with
this particular part of RFC 1123 to a security expert who is in the
process of making enhancements to "smap", to allow it to make more
intelligent decisions about what kind of messages to accept or refuse
(dealing with all the same issues I've already solved here at AOL
with various sendmail rewrite rules, but instead dealing with them
in another product).
Source routes in the domain portion are inherently evil beyond
reproach, and there's nothing you can do to convince me that they
should not be rejected out of hand. Any system that actively
propagates this kind of behaviour is likewise inherently evil.
Any system that passively allows this kind of behaviour needs to
be fixed.
> > Essentially as much has been observed by various Internet mail
> >experts, many of whom are working on drafting the upcoming standards.
>
> Brad, maybe I'm not reading this in the light in which it was meant, but
> there are probably more Internet mail experts among the people you are
> sending this message to than in the group you mentioned, and as you know
> technical people tend to be independent thinkers.
There are "Internet mail experts" the world over, and as you
observe elsewhere in your own message, some of them have some pretty
bizarre ideas of what should and should not be done. In fact, I'm
certain that many feel this way about me. So be it.
However, this is a particular behaviour that has been deprecated
for at least six years (RFC 1123, section 5.2.6, as clearly pointed
out by Valdis), and it's time that it went completely away.
I can't think of too many Internet mail experts that would argue
that point, although they may argue that I'm being too vehement or
otherwise jumping the gun.
> It also
> doesn't make much sense to ask people to submit to the wisdom of a task
> force working on new Internet drafts which may or may not become Internet
> standards in a couple years, let alone industry standards, when at the
> same time you refuse to submit to the wisdom of existing Internet
> standards with their existing user base.
The principle specifically laid out in section 7.5 of
draft-ietf-drums-smtpupd-04.txt is one that has been around far
longer than that, in fact far longer than the Internet itself.
It's been around as long as there have been personal and
group property laws, and is based on the concept of "trespass"
(specifically, "trespass of chattels") and the right for me (or my
company) to do with my own property what I choose (or my company
chooses).
In this particular case, it is an operational issue that
threatens the very existance of the AOL mail system, and we *cannot*
afford to allow it to continue unabated in this fashion.
Although I recommended this course of action, I am certainly
by no means alone here in my desire to implement these kinds of
protections. Management pushed for it about as hard as I have.
> LISTSERV does not generate source routes, nor has it ever done that. Even
> back in 1986, LISTSERV had a strong no-source-routes stance. However, if
> presented with a source route it does ignore it gracefully, as you would
> expect. The source routes come from LMail, a MTA for VM (also from
> L-Soft) which can be configured to implement the original RFC821 reverse
> path behaviour where you insert source routes in the MAIL FROM: address
> (at no point is a source route added to the RFC822 header).
I'm sorry if I mistakenly pointed the finger at Listserv,
instead of LMail.
Whatever the L-Soft system is that can potentially generate
source-routed envelope addresses, I would like to make sure that
current and future versions have that feature default to "off"
(which appears to already be the case, given your other comments).
As far as I'm concerned, this one particular concern of mine
is moot.
> Even setting aside the fact that the standards require AOL to accept this
> syntax, it just does not make any technical sense to reject it, and it
> leads to the loss of legitimate mail for AOL's customers.
There is nothing in any law that requires me (or my company)
to pay to accept messages that are in a format (and/or quantity)
such that they threaten the very existance of my property (or the
property of my company). There is no protocol on the planet that
can legitimately likewise claim to make that kind of stipulation.
In fact, there is a law *against* compelling me to pay to
accept a message from someone else, and is the basis for much of
the current anti-junkmail lawsuits that are pending.
However, this isn't a junkmail issue per se, it's an operational
systems issue regarding our right to protect the very existance of
our private property (the same private property that our customers
depend on).
--
Brad Knowles MIME/PGP: [log in to unmask]
Senior Unix Administrator <http://www.his.com/~brad/>
<http://swissnet.ai.mit.edu:11371/pks/lookup?op=get&search=0xE38CCEF1>
|