Re: MLM subaddress requirement

Valdis.Kletnieks@vt.edu Tue, 05 August 1997 20:41 UTC

Received: from cnri by ietf.org id aa28438; 5 Aug 97 16:41 EDT
Received: from mail.proper.com (mail.proper.com [206.86.127.224]) by cnri.reston.va.us (8.8.5/8.7.3) with ESMTPid QAA14242; Tue, 5 Aug 1997 16:39:39 -0400 (EDT)
Received: (from majordomo@localhost) by mail.proper.com (8.8.5/8.7.3) id MAA11718 for ietf-822-bks; Tue, 5 Aug 1997 12:59:03 -0700 (PDT)
Received: from black-ice.cc.vt.edu (black-ice.cc.vt.edu [128.173.14.71]) by mail.proper.com (8.8.5/8.7.3) with ESMTP id MAA11714 for <ietf-822@imc.org>; Tue, 5 Aug 1997 12:58:59 -0700 (PDT)
Received: from black-ice.cc.vt.edu (LOCALHOST [127.0.0.1]) by black-ice.cc.vt.edu (8.8.7/8.8.7) with ESMTP id QAA16636 for <ietf-822@imc.org>; Tue, 5 Aug 1997 16:03:11 -0400
Message-Id: <199708052003.QAA16636@black-ice.cc.vt.edu>
To: ietf-822@imc.org
Subject: Re: MLM subaddress requirement
In-Reply-To: Your message of "Tue, 05 Aug 1997 10:20:58 PDT." <Pine.SOL.3.95.970805095709.18393D-100000@eleanor.innosoft.com>
From: Valdis.Kletnieks@vt.edu
X-Url: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#; 3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t( ^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-) %9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <Pine.SOL.3.95.970805095709.18393D-100000@eleanor.innosoft.com>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_739160646P"; micalg="pgp-md5"; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Tue, 05 Aug 1997 16:03:10 -0400
Sender: owner-ietf-822@imc.org
Precedence: bulk

On Tue, 05 Aug 1997 10:20:58 PDT, Chris Newman said:
> What is the purpose of restricting postings based on the envelope address?
> It's obviously *not* a security issue as anyone can generate email from
> any address trivially (own a copy of Netscape?).  I claim the primary
> purpose is to reduce spam.  Permitting postings from user if user+foo is
> subscribed has no impact on this primary purpose.

ARGH!!!

How many times do I have to say this?

*YOU* *DO* *NOT* *KNOW* if 'user' and 'user+foo' are in fact the same
address or not.  You cannot tell if the remote system sending the mail is
or is not using your extension.

This applies to *ALL* interactions with an MLM, not just posting.  Subscribing,
unsubscribing, requesting archive - which may be private and/or sensitive.

I'll let *YOU* deal with the irate phone calls because one user got a
corporate-sensitive archive he should not have been able to, just because
his site did *NOT* use your subaddressing scheme and your MLM assumed it did.

Until you explain how a MLM can *tell* that a given address is or
is not using subadressing, you MAY NOT (rfc2119 sense) give a MLM any
right to guess/assume/pull-out-of-its-rectum any decision based on the
"fact" that an address that contains a '+' is in fact using subaddressing.

Have I made this clear? YOU CANNOT REQUIRE OR EVEN SUGGEST THAT AN MLM
DO ANYTHING WITH SUBADDRESSING UNLESS IT IS EITHER A 'MUST' STANDARD OR
YOU HAVE A WAY OF TELLING ON THE FLY IF THE REMOTE SITE SUPPORTS IT.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech