Re: [apps-discuss] Review of: draft-ietf-appsawg-malformed-mail-03

["Murray S. Kucherawy" <superuser@gmail.com>]

On Sat, May 18, 2013 at 8:00 PM, John R Levine <johnl@taugh.com> wrote:

> With it refreshed and with all the new content, I'd love to have some more
>>> reviews of it in its current form.
>>>
>>
> Well, since you asked.
>
> I'm looking at the whole thing and I have to say I don't understand the
> point of sections 4 and 5.  I understand that Exchange and Outlook smash
> messages into an internal format and sort of reconstruct the original,
> sometimes, but I can't tell whether that's what you're referring to or
> something else.
>

> I think sec 4 is trying to say mail software may have a variety of
> internal representations, but all we're talking about here are messages
> interchanged in what purports to be 5322 (or its predecessors) format.
>


Consider a system that has several independent filtering modules.  It's
important that the modules don't change the content as it passes from one
to the next as doing so might obscure something that the next module might
consider reject-worthy.  Therefore, whatever transformations need to be
done have to be kept internal to the module and not released as the "real"
content.


> Sec 5 appears to say that if you try to parse and unparse a message, you
> probably won't get back quite the same thing and particularly in the
> presence of DKIM signatures and the like, details matter, so don't do that.
> If you need multiple formats, retain the original so if you need to bounce
> or report something, you can report what you actually received.
>
> If that's not what you mean, I'm totally confused.
>

This is similar, but has a different nuance.  If a message makes it all the
way to an MUA where it's reported as abusive (spam, virus, whatever), then
a report generated based on what the MUA sees might not be useful to the
report receiver because it doesn't match the message that was originally
generated.

In the next revision, I've mushed 4 and 5 together since they were so
similar.  I'll post later today and see what you think.


> I think 8.6 has TMI, I'd just say to synthesize a unique Message-ID. MSAs
> have been doing that for decades, people know how to do it, and your
> example seems more complicated than enlightening.  (Why use gmtime rather
> than just stick the numeric value of "now" into the ID.  Doesn't matter
> what the encoding is so long as it changes frequently.)
>

That's a real-world example; it's what sendmail does.  But sure, simpler is
better.  I'll clean it up.


>
> 10.1, bottom of p. 17: MUST take?  Even after downcasing the rogue
> 2119ism, I'd make it a lot milder than that.  If I am feeding stuff into my
> webmail system, and I happen to know that my display module handles long
> lines OK, I'd just leave the long lines alone.  It is my impression that
> long lines are much more likely to be from sloppy composition software than
> malicious.
>

That MUST should've come out in the last edit, since we're no longer doing
2119 stuff in here.  I'll just take that out.

Thanks for your comments.

-MSK