Re: [Asrg] C/R Interworking Framework
Yakov Shafranovich <research@solidmatrix.com> Thu, 05 June 2003 15:02 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA29574 for <asrg-archive@odin.ietf.org>; Thu, 5 Jun 2003 11:02:24 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h55F20A11473 for asrg-archive@odin.ietf.org; Thu, 5 Jun 2003 11:02:00 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h55F20B11470 for <asrg-web-archive@optimus.ietf.org>; Thu, 5 Jun 2003 11:02:00 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA29534; Thu, 5 Jun 2003 11:01:54 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19NwDj-0007ft-00; Thu, 05 Jun 2003 11:00:03 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19NwDi-0007fq-00; Thu, 05 Jun 2003 11:00:02 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h55Er3B10685; Thu, 5 Jun 2003 10:53:03 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h55EqjB10643 for <asrg@optimus.ietf.org>; Thu, 5 Jun 2003 10:52:45 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA29094 for <asrg@ietf.org>; Thu, 5 Jun 2003 10:52:40 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Nw4m-0007Zh-00 for asrg@ietf.org; Thu, 05 Jun 2003 10:50:48 -0400
Received: from 000-237-424.area5.spcsdns.net ([68.27.166.189] helo=68.27.166.189 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19Nw4k-0007Zb-00 for asrg@ietf.org; Thu, 05 Jun 2003 10:50:47 -0400
Message-Id: <5.2.0.9.2.20030605103833.00b9cc08@std5.imagineis.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: Dave Aronson <dja2003@hotpop.com>, Peter Kay <peter@titankey.com>
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: [Asrg] C/R Interworking Framework
Cc: asrg@ietf.org
In-Reply-To: <200306050906.41885.dja2003@hotpop.com>
References: <DD198B5D07F04347B7266A3F35C42B0B0FD01E@io.cybercom.local> <DD198B5D07F04347B7266A3F35C42B0B0FD01E@io.cybercom.local>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 05 Jun 2003 10:52:21 -0400
At 09:06 AM 6/5/2003 -0400, Dave Aronson wrote: >"Peter Kay" <peter@titankey.com> wrote: > > > 2. The recipient does not have me on their whitelist, so they send a > > challenge. But because their "FROM" address in the MAIL command is > > NOT the sender's address, TTK doesn't have that address on its > > whitelist so it sends a challenge to the challenge. > > > > End result is that the TTK user never sees the recipients challenge > > and the recipient never gets the email. So what ends up happening is > > the recipient has to go through their quarantine folder and pull out > > the email. The TTK user never gets the email because the challenge > > was killed in the MAIL command. > > > > So, to me, C/R systems need to at least use their end-users email > > address on the MAIL FROM address in the mail command. > >Using a Reply-To could throw a bit of a monkey-wrench into this. Perhaps >the protocol should specify sending to the Reply-To (if present), and if >that verifies, then consider the From verified as well. > >Also, many people have Lots And Lots of addresses. I can think of three >addies offhand of mine that lots of people get email from, not counting >the temporaries, and sometimes I forget to switch addies when sending to >certain people. Perhaps the protocol could also say, "I might also send >you email later under the following addresses", and whitelist them too, >possibly with the whole C/R process repeated for each. > >Something tells me there are problems with these ideas, but there's too >much blood in my coffee stream to figure them out at the moment. |-) Careful perusal of the relevant RFCs shows that there are differences between these fields. Section 3.6.2 of RFC 2822, distinguishes between various "sender" fields: o "The "From:" field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message." o "The "Sender:" field specifies the mailbox of the agent responsible for the actual transmission of the message. " o "When the "Reply-To:" field is present, it indicates the mailbox(es) to which the author of the message suggests that replies be sent." The "FROM" field is the one that will get C/R checked, since that is the mailbox that sent the email. Additionally, the "MAIL FROM" addresses that is used in SMTP is not intended to this purpose, rather it indicates a mailbox to which errors should be sent to. It is perfectly legal and sometimes even recommended in RFC 2821 to use <> for the MAIL FROM. Yakov --------------------------------------------------------------------------------------------------- Yakov Shafranovich / <research@solidmatrix.com> SolidMatrix Research, a division of SolidMatrix Technologies, Inc. --------------------------------------------------------------------------------------------------- "One who watches the wind will never sow, and one who keeps his eyes on the clouds will never reap" (Ecclesiastes 11:4) --------------------------------------------------------------------------------------------------- _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- Re: [Asrg] C/R Interworking Framework John Fenley
- RE: [Asrg] C/R Interworking Framework Eric Dean
- RE: [Asrg] C/R Interworking Framework Yakov Shafranovich
- RE: [Asrg] C/R Interworking Framework Eric Dean
- RE: [Asrg] C/R Interworking Framework Yakov Shafranovich
- RE: [Asrg] C/R Interworking Framework Peter Kay
- Re: [Asrg] C/R Interworking Framework Yakov Shafranovich
- Re: [Asrg] C/R Interworking Framework Vernon Schryver
- RE: [Asrg] C/R Interworking Framework Eric Dean
- Re: [Asrg] C/R Interworking Framework Yakov Shafranovich
- Re: [Asrg] C/R Interworking Framework Vernon Schryver
- RE: [Asrg] C/R Interworking Framework Peter Kay
- Re: [Asrg] C/R Interworking Framework Yakov Shafranovich
- Re: [Asrg] C/R Interworking Framework Vernon Schryver
- Re: [Asrg] C/R Interworking Framework Dave Aronson
- Re: [Asrg] C/R Interworking Framework Yakov Shafranovich
- Re: [Asrg] C/R Interworking Framework Yakov Shafranovich
- Re: [Asrg] C/R Interworking Framework Vernon Schryver
- Re: [Asrg] C/R Interworking Framework Yakov Shafranovich
- Re: [Asrg] C/R Interworking Framework Kee Hinckley
- Re: [Asrg] C/R Interworking Framework Scott Nelson
- RE: [Asrg] C/R Interworking Framework Peter Kay
- RE: [Asrg] C/R Interworking Framework Peter Kay
- RE: [Asrg] C/R Interworking Framework Scott Nelson
- RE: [Asrg] C/R Interworking Framework Peter Kay
- RE: [Asrg] C/R Interworking Framework Yakov Shafranovich
- Re: [Asrg] C/R Interworking Framework Rob Cameron
- RE: [Asrg] C/R Interworking Framework Peter Kay
- Re: [Asrg] C/R Interworking Framework Yakov Shafranovich
- Re: [Asrg] C/R Interworking Framework Art Pollard
- RE: [Asrg] C/R Interworking Framework Peter Kay
- Re: [Asrg] C/R Interworking Framework Yakov Shafranovich
- RE: [Asrg] C/R Interworking Framework Eric D. Williams
- RE: [Asrg] C/R Interworking Framework Yakov Shafranovich
- RE: [Asrg] C/R Interworking Framework Art Pollard
- RE: [Asrg] C/R Interworking Framework Art Pollard
- RE: [Asrg] C/R Interworking Framework Eric D. Williams
- RE: [Asrg] C/R Interworking Framework Yakov Shafranovich