IETF Logo Mail Archive

[Jmap] Address Validation (was Re: Submission)

"Chris Newman" <chris.newman@oracle.com> Sat, 22 April 2017 01:03 UTC

Return-Path: <chris.newman@oracle.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1180A129BCD for <jmap@ietfa.amsl.com>; Fri, 21 Apr 2017 18:03:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.002
X-Spam-Level:
X-Spam-Status: No, score=-7.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZMUaVaXEzKYZ for <jmap@ietfa.amsl.com>; Fri, 21 Apr 2017 18:03:01 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B81FC129BBD for <jmap@ietf.org>; Fri, 21 Apr 2017 18:03:01 -0700 (PDT)
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v3M12xIc029039 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 22 Apr 2017 01:03:00 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id v3M12x0B028764 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sat, 22 Apr 2017 01:02:59 GMT
Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id v3M12uIj013104; Sat, 22 Apr 2017 01:02:57 GMT
Received: from [192.168.15.59] (/66.214.236.56) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 21 Apr 2017 18:02:56 -0700
From: Chris Newman <chris.newman@oracle.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: "jmap@ietf.org" <jmap@ietf.org>
Date: Fri, 21 Apr 2017 18:02:55 -0700
Message-ID: <00616B85-F365-4B1F-82EA-2FF2623CED77@oracle.com>
In-Reply-To: <em7b8ab713-d303-46e1-b0de-eec9f43f18e0@bodybag>
References: <emd3533c0d-dc08-45c3-801c-07972858ad64@bodybag> <20170421001702.24991.qmail@ary.lan> <em7b8ab713-d303-46e1-b0de-eec9f43f18e0@bodybag>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.6r5347)
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/qVFLFzL5M9BYNQzAH4GneICHt0w>
Subject: [Jmap] Address Validation (was Re: Submission)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Apr 2017 01:03:03 -0000

On 20 Apr 2017, at 23:16, Adrien de Croy wrote:
>> In article <emd3533c0d-dc08-45c3-801c-07972858ad64@bodybag> someone 
>> write:
>>> I'd love to see a mail client that does at least initial validation 
>>> on
>>> destination email addresses as they are added to the message, so 
>>> that
>>> errors in the addresses which can be resolved at that stage (e.g.
>>> NXDOMAIN) can be raised with the email author before the mail is 
>>> even
>>> submitted.
>>
>> This is quite the can of worms.  It's easy enough to look up a domain
>> and see if it has an A or an MX, but whatever you were planning to do
>> to validate mailboxes will get you blacklisted as a listwashing
>> spammer.
> sure, I think there are fundamental issues with trying to go further 
> than an A/MX for now, but if we built in a mechanism to verify 
> addresses, it could be extended later, rather than being blocked off 
> for all of eternity.
>
> Even A/MX would have some value.  Who knows what kind of trusted mail 
> delivery infrastructure may come out in the future, at some stage we 
> have to fix SMTP.  Forever is a long time.

The present model for MUA mail address validation is to authenticate to 
an IETF standard submission server, issue a MAIL FROM + RCPT TO + RSET. 
Anyway, I support adding a feature in JMAP that does the equivalent of 
performing this sequence of commands on the Submission server and 
returns a 3-digit SMTP status code, optionally SMTP enhanced status 
codes (see RFC 3463 section 3.2) and text string.

This is quite extensible and I believe this specific functionality is 
in-scope of the JMAP charter as Submission (RFC 6409) is explicitly 
in-scope. Doing address validation this way is already quite powerful. 
For example, if the submission server chooses to implement the SMTP 
251/551 response codes for local users, the mail client gains the 
ability to prompt the user to correct the address book entry for that 
recipient.

How much validation the submission server does then becomes a 
quality-of-implementation issue (and there are, of course, 
security/privacy issues). Future work would be to define additional 
SMTP/Submit enhanced status codes for additional address validation, but 
that's presently out-of-scope for the JMAP charter.

The JMAP charter does not permit development of a new address validation 
mechanism and I object to development of a new incompatible validation 
mechanism on the grounds that having two mechanisms to perform the same 
function is poor design, when a full-standard mechanism to do address 
validation already exists. I support mapping the existing Submission 
validation mechanism to JMAP in a way that preserves all the semantics 
of the existing mechanism.

		- Chris

v2.23.0 | Report a Bug | By Email