On Thu, 08 May 1997 14:44:32 EDT, Brad Knowles said:
> The concept presented in section 7.5 of
> draft-ietf-drums-smtpupd-04.txt is older than the Internet itself.
> It's been around as long as personal and group property laws have been
> in existance.
>
> Specifically, it's based on the "trespass against chattels"
> issue, which has been the basis of a number of legal cases against
> junkmailers.
If you can find a citation that says that it's legal for an entity to
refuse payment for a debt merely because the person uses twenty dollar
bills to do so, and you will only accept one, five, and fifty dollar
bills (modulo rulings regarding paying in pennies, etc), I'll be more
willing to listen. Currently, source routes are in the same category
as $2 US bills - you don't see them often, but they're still legal
tender.
> In this specific case, I regret that a small number of legitimate
> mail messages will be caught by this measure we've taken to protect
> the AOL mail system, but when you do the cost/benefits analysis of
> the value of those few messages to the value of the entire AOL mail
> system (and the value of that system to our eight million users),
> you'll see that we simply had no choice.
Tell you what Brad - if you explain to me in technical terms *why* you
had no choice (specifically, why it was *NOT* an option to accept and
then discard the source route, as is permitted by RFC1123), I'll be
more than happy to shut up.
Please note that most of the complaints of bounced mail I've seen were
of the form MAIL FROM:<@host1:user@host2>, where either host1 and
host2 were identical literals (so it is perfectly safe to just discard
the @host1: part), or host1 and host2 were in the same domain, and
host1 was a mail gateway for host2. In this case, discarding the
@host1: is probably safe as well, as either host2 will accept mail or
the MX entry for it will point back to host1 anyhow.
Perhaps a more reasonable policy would be to reject source-routed mail
only if a comparison of host1 and host2 indicates a probable spamming
attempt through a relay (for instance, if they do not match to at
least a second level domain.name). That would be, to me, a policy
based rejection, not a rejection based merely on use of valid syntax.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
|