Re: Email System Model

[Alessandro Vesely <vesely@tana.it>]

ned+ietf-smtp@mrochek.com wrote:
>>>> Externally administered backup MXes run into backscattering because 
>>>> they don't maintain a copy of the users database.
>>>
>>> Some don't, many do.
>
>> Hm... would you expand on that, please? I browsed a few backup MX 
>> providers (DydDNS, ZoneEdit and Mailfail) and saw no evidence that 
>> they do.
>
> You're looking at commercial backup provision services. Historically this isn't 
> how backuup MX arrangements have worked. Most of them are simply one small site 
> helping out another. In such cases providing a copy of your address list often 
> isn't a big deal.

Offering backup MX services to a 98+% uptime server didn't require 
much resource allocation, at the time. Holding a cache copy of the 
users database may be slightly heavier.

> In fact there's even a suggested protocol for it. I don't recall the draft
> name, but it works by putting the address list in the DNS. You then use 
> zone transfer to move the data around and keep it up to date.

I only found "Minger", Expires: January 9, 2009
http://tools.ietf.org/html/draft-hathcock-minger
In short, it provides an UDP-based security-enhanced alternative to 
VRFY, and uses no DNS. It might have worked, but would have required a 
backup minger server...

>> in principle, users should be aware of what organizations 
>> take part in managing their data. Currently, that info is relegated to 
>> a non-machine readable ISP's policy page, if any.
>
> That's ... idealistc, I must say. I doubt very much if most administrators 
> agree that simply the list of active addresses, with no additional attached 
> data whatsoever, in their domains have such serious privacy implications.

Serious or not, it is what privacy laws require in several countries. 
While a policy page is enough for the law, I think privacy concerned 
users would appreciate the ability to retrieve the effective list of 
servers where their email addresses are stored. I agree it's an 
idealistic wish, and it will probably remain that way until some 
marketing function will say otherwise.

>> The rule to strip subaddresses is a good point. Apparently, a regex 
>> might suffice,
>
> At one point I suggested using NAPTR records as part of the address
> distribution protocol for secondaries in order to get exactly this effect.

Is it practical to use DNS at all for this purpose? Why not LDAP, SQL, 
rsync, or ...? Regexes could also be passed along with other metadata, 
such as agreements on DNSBLs, whitelists, etcetera (and what of that 
can be overridden by per-user flags.)