IETF Logo Mail Archive

Re: [Jmap] Address Validation (was Re: Submission)

Brandon Long <blong@google.com> Wed, 26 April 2017 22:08 UTC

Return-Path: <blong@google.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A7B3126CE8 for <jmap@ietfa.amsl.com>; Wed, 26 Apr 2017 15:08:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kqs18V6SxICV for <jmap@ietfa.amsl.com>; Wed, 26 Apr 2017 15:08:46 -0700 (PDT)
Received: from mail-oi0-x22f.google.com (mail-oi0-x22f.google.com [IPv6:2607:f8b0:4003:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A654C12940F for <jmap@ietf.org>; Wed, 26 Apr 2017 15:08:42 -0700 (PDT)
Received: by mail-oi0-x22f.google.com with SMTP id j201so17697287oih.2 for <jmap@ietf.org>; Wed, 26 Apr 2017 15:08:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XJWwkjZ8Ys6oJvQ2lmOoSoslS8E7NzGVNPjhk096sTE=; b=PgodcwNXUrpZHD+h/hPEQJFtJA20DC2jpsVgiDsfKSvQxGsMK/MqkS7hhnPOMeW1oC 2EOmXaFCQQpVYthoEorJwciaIJ2cLKvv4NEEmlb70n08MO2jSYn6Fw1xAm4oYmnvKYrH 1FsHccG9AqW8pbirY4fPJ+W6m8TnEv8/RanMfco6vnlDneezczScvn4I9SqqI5ZYqWBY E5lDEBzgYxv7PcXWaMIV8yVdUXuKQFfjI+SXvMw8uAxe902obAlFw0yGdCtYnBaojai9 U2OcxMurcd3OoKxtjngwmW5AY44Qzlf89L7u74bQn51xss5nV8otl3hU+y277BrF/Zbq N8+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XJWwkjZ8Ys6oJvQ2lmOoSoslS8E7NzGVNPjhk096sTE=; b=PhCcnRK9m72L3qGnq3mAp6uSRHl4yxDBDExkqUZI9mWgOVDpNmlhPCjXsp/dGyNuTn NTPLD+v01iPSm2/mm8EiHWp5ZYGunbsDmi0JI2CoKluluQIdi6pzRDypCmuF3BUusOuB CerHEToYfE7sIOAtQhqHx2C45pupITuvi3WGT5zEeeo0Ovpc984ogbkCz1t1+0VS9zOI HWbmWQxMztQLcUluGtB/rXrZUsd54rr/Uyg/fqFgAvZ6UxxoPesAdLY1rbR0DfhhvlZk rGujuk34YdikSbQvwYC6ALM0+MkwGelyEOuTw641+YZRCHB1Os+iQYN6FKFWvKR6DFJh SLrw==
X-Gm-Message-State: AN3rC/72dBqV8jO64FI94aFdnsHFhhV2PeU393tbIRR4KTpYlN2C/NB/ fh5rImORPuLhEXz4ImBJM7fW5s9J1oLJ
X-Received: by 10.157.15.205 with SMTP id m13mr1214537otd.6.1493244521530; Wed, 26 Apr 2017 15:08:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.8.101 with HTTP; Wed, 26 Apr 2017 15:08:40 -0700 (PDT)
In-Reply-To: <00616B85-F365-4B1F-82EA-2FF2623CED77@oracle.com>
References: <emd3533c0d-dc08-45c3-801c-07972858ad64@bodybag> <20170421001702.24991.qmail@ary.lan> <em7b8ab713-d303-46e1-b0de-eec9f43f18e0@bodybag> <00616B85-F365-4B1F-82EA-2FF2623CED77@oracle.com>
From: Brandon Long <blong@google.com>
Date: Wed, 26 Apr 2017 15:08:40 -0700
Message-ID: <CABa8R6v0XJrgw7m1CfWxiBgpADiMgyZbAPSQXyY_OkaNNfnurg@mail.gmail.com>
To: Chris Newman <chris.newman@oracle.com>
Cc: Adrien de Croy <adrien@qbik.com>, "jmap@ietf.org" <jmap@ietf.org>
Content-Type: multipart/alternative; boundary="001a113d0c78451ca6054e19159d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/RbIaqPeaodFW1U7Ldq5SauBhVcQ>
Subject: Re: [Jmap] Address Validation (was Re: Submission)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2017 22:08:48 -0000

This is the second time you've asked for the SMTP status codes and enhanced
status codes, I'm very unclear what the utility of those would be, and why
we would need
to expose them to JMAP.

We very rarely care about the difference between the codes beyond
ok/temp/perm, and find that folks are fairly inconsistent about the
enhanced codes, or that the enhanced codes don't actually translate into
useful information from a user perspective.  At best they provide a
fallback for what is otherwise a long list of regexes for the error
messages themselves.

It also ties the implementation to SMTP when SMTP may not even be used, ie
local delivery on a service using JMAP may never use SMTP.  It also ties it
to SMTP when we know that we can't implement it with SMTP (due to address
scraping concerns).

One could make a better case for tying it to LDAP, for example.

Brandon

On Fri, Apr 21, 2017 at 6:02 PM, Chris Newman <chris.newman@oracle.com>
wrote:

> On 20 Apr 2017, at 23:16, Adrien de Croy wrote:
>
>> In article <emd3533c0d-dc08-45c3-801c-07972858ad64@bodybag> someone
>>> write:
>>>
>>>> I'd love to see a mail client that does at least initial validation on
>>>> destination email addresses as they are added to the message, so that
>>>> errors in the addresses which can be resolved at that stage (e.g.
>>>> NXDOMAIN) can be raised with the email author before the mail is even
>>>> submitted.
>>>>
>>>
>>> This is quite the can of worms.  It's easy enough to look up a domain
>>> and see if it has an A or an MX, but whatever you were planning to do
>>> to validate mailboxes will get you blacklisted as a listwashing
>>> spammer.
>>>
>> sure, I think there are fundamental issues with trying to go further than
>> an A/MX for now, but if we built in a mechanism to verify addresses, it
>> could be extended later, rather than being blocked off for all of eternity.
>>
>> Even A/MX would have some value.  Who knows what kind of trusted mail
>> delivery infrastructure may come out in the future, at some stage we have
>> to fix SMTP.  Forever is a long time.
>>
>
> The present model for MUA mail address validation is to authenticate to an
> IETF standard submission server, issue a MAIL FROM + RCPT TO + RSET.
> Anyway, I support adding a feature in JMAP that does the equivalent of
> performing this sequence of commands on the Submission server and returns a
> 3-digit SMTP status code, optionally SMTP enhanced status codes (see RFC
> 3463 section 3.2) and text string.
>
> This is quite extensible and I believe this specific functionality is
> in-scope of the JMAP charter as Submission (RFC 6409) is explicitly
> in-scope. Doing address validation this way is already quite powerful. For
> example, if the submission server chooses to implement the SMTP 251/551
> response codes for local users, the mail client gains the ability to prompt
> the user to correct the address book entry for that recipient.
>
> How much validation the submission server does then becomes a
> quality-of-implementation issue (and there are, of course, security/privacy
> issues). Future work would be to define additional SMTP/Submit enhanced
> status codes for additional address validation, but that's presently
> out-of-scope for the JMAP charter.
>
> The JMAP charter does not permit development of a new address validation
> mechanism and I object to development of a new incompatible validation
> mechanism on the grounds that having two mechanisms to perform the same
> function is poor design, when a full-standard mechanism to do address
> validation already exists. I support mapping the existing Submission
> validation mechanism to JMAP in a way that preserves all the semantics of
> the existing mechanism.
>
>                 - Chris
>
> _______________________________________________
> Jmap mailing list
> Jmap@ietf.org
> https://www.ietf.org/mailman/listinfo/jmap
>

v2.23.0 | Report a Bug | By Email