Re: [Asrg] Some data on the validity of MAIL FROM addresses

Vernon Schryver <vjs@calcite.rhyolite.com> Wed, 21 May 2003 15:00 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA24312 for <asrg-archive@odin.ietf.org>; Wed, 21 May 2003 11:00:02 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4LEQql24998 for asrg-archive@odin.ietf.org; Wed, 21 May 2003 10:26:52 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4LEQqB24995 for <asrg-web-archive@optimus.ietf.org>; Wed, 21 May 2003 10:26:52 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA24261; Wed, 21 May 2003 10:59:31 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19IV2h-0007P0-00; Wed, 21 May 2003 10:58:11 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19IV2g-0007Ox-00; Wed, 21 May 2003 10:58:10 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4LEJBB24494; Wed, 21 May 2003 10:19:11 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4LE8MB24018 for <asrg@optimus.ietf.org>; Wed, 21 May 2003 10:08:22 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23844 for <asrg@ietf.org>; Wed, 21 May 2003 10:41:02 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19IUkn-0007HJ-00 for asrg@ietf.org; Wed, 21 May 2003 10:39:41 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19IUkm-0007HF-00 for asrg@ietf.org; Wed, 21 May 2003 10:39:40 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.9/8.12.9) id h4LEeva7007593 for asrg@ietf.org env-from <vjs>; Wed, 21 May 2003 08:40:57 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305211440.h4LEeva7007593@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
References: <p06001326baf11ab9a759@[192.168.1.104]>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 21 May 2003 08:40:57 -0600

> From: Kee Hinckley <nazgul@somewhere.com>

> >In fact the sendmail milter interface generally gives sufficient
> >information for per-user rules during the SMTP transaction.  That's
>
> I wasn't trying to single out milter's specifically.

I misunderstood your words to be unambiguously asserting that the
milter mechanism does not include the end user identity.

>                                                       What we've 
> discussed, over and over, is the fact that you can't always know the 
> final recipient at the time of receipt (even though you may know it's 
> a valid address).  I don't see the need for us to go into it over and 
> over again.

> ...
> .forward's were one thing.  The other is a standard system where the 
> gateway mail system is outside of the firewall, but additional 
> delivery is done inside the firewall.

We have agreed is that as people configure and run STMP servers for
various good and bad reasons, an SMTP server may not know the final
address and so may have problems doing proper spam filtering.

However, that fact does not imply that filtering cannot be done before
the end of the SMTP transaction or that it is not best done then.
You seem to be asserting to the contrary that filtering must or should
be done primarily during final delivery.  We certainly have not agreed
on that, although there have been some recent statements by others in
support of that view.

That fact also does not conflict with the fact that most filtering
could be done during the STMP transaction given perhaps onerous efforts
to synchronize user databases, whitelists, logs, and so forth among
SMTP servers.

I suspect that most filtering today does not need any synchronizing
among SMTP servers but could be done during the SMTP transaction given
appropriate filtering software.  For example, it sounds as if the
SpamAssassin milters need work.

None of that implies that additional filtering during final delivery
cannot or must not be done.


> But anyway.  I'm just don't see that this conversation is generating 
> anything except heat.

An IETF/IRTF working group mailing list is not like netnews or SPAM-L.
It is not merely a forum for stating positions and exchanging views.
It is a tool for generating and guaging consensus on technical issues.
Regardless of heat, this mailing list must address the issue of whether
filtering SHOULD (in the special meaning of RFC 2119) be done during
the SMTP transaction.  If we can't reach consensus on such a fundamental
and simple issue, then this mailing list is distinctly worse than useless.


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg