Re: [apps-discuss] Review of: draft-ietf-appsawg-malformed-mail-03

[Ned Freed <ned.freed@mrochek.com>]

> On Sat, May 18, 2013 at 8:00 PM, John R Levine <johnl@taugh.com> wrote:

> > With it refreshed and with all the new content, I'd love to have some more
> >>> reviews of it in its current form.
> >>>
> >>
> > Well, since you asked.
> >
> > I'm looking at the whole thing and I have to say I don't understand the
> > point of sections 4 and 5.  I understand that Exchange and Outlook smash
> > messages into an internal format and sort of reconstruct the original,
> > sometimes, but I can't tell whether that's what you're referring to or
> > something else.
> >

> > I think sec 4 is trying to say mail software may have a variety of
> > internal representations, but all we're talking about here are messages
> > interchanged in what purports to be 5322 (or its predecessors) format.
> >


> Consider a system that has several independent filtering modules.  It's
> important that the modules don't change the content as it passes from one
> to the next as doing so might obscure something that the next module might
> consider reject-worthy.  Therefore, whatever transformations need to be
> done have to be kept internal to the module and not released as the "real"
> content.

It's nowhere near this simple. Sometimes you want filtering modules exposed
to unadulterated content. One way to arrange for that is preclude any
changes, but another is to run the modules in parallel. After all, if they're
not talking to each other, why wouldn't you want them to run simultaneously?

But other times you want them to be able to pass information to each other.
Unfortunately that often can only be done by adding headers. And there are
even times when you want much more radical transformations applies, such
as the removal of encryption, forced conversion to MIME format, etc. etc.

There really isn't a one size fits all answer here, and it's silly to think
one can be found.

> > Sec 5 appears to say that if you try to parse and unparse a message, you
> > probably won't get back quite the same thing and particularly in the
> > presence of DKIM signatures and the like, details matter, so don't do that.
> > If you need multiple formats, retain the original so if you need to bounce
> > or report something, you can report what you actually received.
> >
> > If that's not what you mean, I'm totally confused.
> >

> This is similar, but has a different nuance.  If a message makes it all the
> way to an MUA where it's reported as abusive (spam, virus, whatever), then
> a report generated based on what the MUA sees might not be useful to the
> report receiver because it doesn't match the message that was originally
> generated.

And sometimes the opposite is true, e.g., in regards to attaching intermediate
analysis results. Again. it's not a one size fits all situation.

I'm not making any specific suggestion for a change here, more like suggesting
that certain possible changes are best not made.

				Ned