Re: [Asrg] CRI Header Wed, 11 June 2003 02:54 UTC

Received: from ( [] (may be forged)) by (8.9.1a/8.9.1a) with ESMTP id WAA27409 for <>; Tue, 10 Jun 2003 22:54:44 -0400 (EDT)
Received: (from mailnull@localhost) by (8.11.6/8.11.6) id h5B2sLX18042 for; Tue, 10 Jun 2003 22:54:21 -0400
Received: from ( []) by (8.11.6/8.11.6) with ESMTP id h5B2sKB18039 for <>; Tue, 10 Jun 2003 22:54:20 -0400
Received: from ietf-mx ( []) by (8.9.1a/8.9.1a) with ESMTP id WAA27402; Tue, 10 Jun 2003 22:54:14 -0400 (EDT)
Received: from ietf-mx ([]) by ietf-mx with esmtp (Exim 4.12) id 19Pvid-0004Ba-00; Tue, 10 Jun 2003 22:52:11 -0400
Received: from ([] by ietf-mx with esmtp (Exim 4.12) id 19Pvid-0004BX-00; Tue, 10 Jun 2003 22:52:11 -0400
Received: from (localhost.localdomain []) by (8.11.6/8.11.6) with ESMTP id h5B2qUB17952; Tue, 10 Jun 2003 22:52:30 -0400
Received: from ( []) by (8.11.6/8.11.6) with ESMTP id h5B2p2B17910 for <>; Tue, 10 Jun 2003 22:51:02 -0400
Received: from ietf-mx ( []) by (8.9.1a/8.9.1a) with ESMTP id WAA27306 for <>; Tue, 10 Jun 2003 22:50:56 -0400 (EDT)
Received: from ietf-mx ([]) by ietf-mx with esmtp (Exim 4.12) id 19PvfR-0004AI-00 for; Tue, 10 Jun 2003 22:48:53 -0400
Received: from ([] by ietf-mx with esmtp (Exim 4.12) id 19PvfQ-00049z-00 for; Tue, 10 Jun 2003 22:48:53 -0400
Received: from ( []) by (Postfix) with SMTP id 43895369B7 for <>; Tue, 10 Jun 2003 22:50:23 -0400 (EDT)
Received: by (sSMTP sendmail emulation); Tue, 10 Jun 2003 22:50:39 +4400
To: ASRG list <>
Subject: Re: [Asrg] CRI Header
Message-ID: <20030611025039.GA1809@m433>
References: <> <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.4.1i
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <>, <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
List-Archive: <>
Date: Tue, 10 Jun 2003 22:50:39 -0400

On Sun, Jun 08, 2003 at 10:47:00AM -0400, Eric Dean wrote
> I'm pretty sure that it's clear we should move forward with proposing
> a new RFC2822 header.  If a BOF wants to throw an X in front of
> it, then so be it.  I'll proceed br producing a draft with real
> 2822-type headers.
> However, if someone out there is interested, we could interoperate
> in the meantime using X or optional headers as well as with proposed
> 2822 headers

  Has any consideration been given to doing this at the SMTP stage
rather than as part of DATA: ?  E.g. an EHLO which tries to negotiate a
set of features, including CHRE:.  If the destination MTA says "Yes, I
do CHRE:", then do a "CHRE:" step just after the "RCPT:" step.
Advantages to this include...

  1) Spam runs from compromised home machines (Jeem.pv and Guzu) with
forged "From:" addresses don't mailbomb innocent 3rd parties if rejected
at SMTP time.

  2) Yes, I realize that the ISP's MTA will have to keep state
information regarding the luser's preferences.  However, it comes down
to either a) ISP's server doing it (maybe luser enters pre-emptive
             whitelist/blocklist via web interface), or
          b) luser administering it on his own MUA (Aunt Ethel or your
             parents, yeah sure)

  3) Clients can change MUA's, restore backed-up drives, format and
re-install, access email via web interface or laptop or handheld, etc,
etc, without worrying about replicating/propagating a small distributed
database over several client MUA's and devices.  An XML structure to
download and upload settings would also be nice for synchronizing
multiple accounts at different ISPs.

  4) This would require changes in MTA rather than MUA.  The top 10 or
twenty ISP's on the planet probably have 100,000,000 customers. Questions
     a) is it going to be easier to implement changes at a couple of
        dozen locations (plus multiple redundant MTAs) or a hundred
        million locations (multiplied by the number of devices/MUA's the
        clients use to access their email) ?
     b) as per 2-b) do you expect Aunt Ethel to be competent to download
        and install updated MUA's ?  Hint, consider how many people use
        the default browser/mailer/newsreader that came with their OS.

  5) Doing C/R via embedded headers means having to accept the entire
email, because headers are part of DATA:.  This uses additional
bandwidth, even if the destination MTA issues a 550.

  6) Which is going to to impose more load on an MTA
     a) handling an extra stage in the SMTP negotiation
     b) accepting the entire email and parsing the entire body looking
        for C/R headers

  7) What about mailing lists (like this one for instance) that use
b0rken 2-bit defaults where hitting "r" to reply sends a reply not to
the list but to the individual sender ?  How difficult is it to insert a
"Reply-To:" header?  How are MUAs going to handle Envelope-From.  Don't
talk to me about "Return-Path:".  Many ISPs don't generate this on
incoming email, many MUAs don't use it, and your Aunt Ethel doesn't know
what it is, let alone the difference between "MAIL FROM:" and "From:".

  BTW, for those who despise b0rken mailing-list software, here is the
answer, via procmail.  Generate your own "Reply-To:" header...

:0 fhw
* ^X-BeenThere:.*asrg@ietf\.org
* !^Reply-To: asrg@ietf\.org
  | formail -i "Reply-To: (ASRG list)"

  ISP-wide implementations that send challenges via regular email
address some, but not all of the above issues.

Walter Dnes <>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
Asrg mailing list