nanog mailing list archives

Re: IPv6 isn't SMTP

From: Barry Shein <bzs () world std com>
Date: Thu, 27 Mar 2014 15:06:15 -0400


On March 27, 2014 at 08:51 blake () ispn net (Blake Hudson) wrote:

The primary issues I see with SMTP as a protocol related to the lack of 
authentication and authorization. Take, for instance, the fact that the 
SMTP protocol requires a mail from: and rcpt to: address (more or less 
for authentication and authorization purposes), but then in the message 
allows the sender to specify a completely different set of sender and 
recipient information that gets displayed in the mail client.


This is mostly a UI issue. The user interface could show anything,
custom certainly has been as you describe: Show the message From: and
make it tricky (for most people) to get the envelope info.

Well, it's not mandatory that an MTA transmit the envelope info into
the message headers and, almost worse, different MTAs seem to use
different header fields for this. For example in SpamAssassin you are
encouraged to set which field it should look at for the envelope
sender.

But that's not REALLY a problem with SMTP per se. Only in practice, if
that's a useful distinction.

I won't go point by point but I will say that SMTP has been extended
several times -- just throw another verb into the mix to extend it.

Which is a very useful observation. SMTP also can transmit which verbs
are supported. One can extend a new idea and it's immediately
interoperable.

I suppose the obvious question is: What's to stop a spammer from
putting a totally legitimate key into their spam?

You also need some sort of reputation layer. Or maybe that makes it
unworkable.

I remember at the 2006 MIT Spam Conference where Eric Allman and I
were keynotes we got into a bit of a tussle over exactly this during
his question period. It was...amusing!


-- 
        -Barry Shein

The World              | bzs () TheWorld com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*

Current thread:

IPv6 isn't SMTP Cutler James R (Mar 25)
- Re: IPv6 isn't SMTP Paul S. (Mar 25)
- Re: IPv6 isn't SMTP John Levine (Mar 25)
  - Re: IPv6 isn't SMTP Daniel Taylor (Mar 26)
    - Re: IPv6 isn't SMTP rwebb () ropeguru com (Mar 26)
    - Re: IPv6 isn't SMTP Andrew Sullivan (Mar 26)
    - Re: IPv6 isn't SMTP Daniel Taylor (Mar 26)
    - Re: IPv6 isn't SMTP Blake Hudson (Mar 26)
    - Re: IPv6 isn't SMTP Jimmy Hess (Mar 26)
    - Re: IPv6 isn't SMTP Blake Hudson (Mar 27)
    - Re: IPv6 isn't SMTP Barry Shein (Mar 27)
    - Re: IPv6 isn't SMTP Blake Hudson (Mar 27)
    - Re: IPv6 isn't SMTP Barry Shein (Mar 27)
    - Re: IPv6 isn't SMTP Blake Hudson (Mar 28)
    - Re: IPv6 isn't SMTP Clay Fiske (Mar 27)
    - Re: IPv6 isn't SMTP Blake Hudson (Mar 28)
    - Re: IPv6 isn't SMTP Dave Crocker (Mar 27)
    - Re: IPv6 isn't SMTP Lamar Owen (Mar 27)
- Re: IPv6 isn't SMTP Fred Baker (fred) (Mar 26)
  - Re: IPv6 isn't SMTP James R Cutler (Mar 26)
  - Re: IPv6 isn't SMTP John Levine (Mar 26)

(Thread continues...)