From: Guido Van De Velde (Guido.VanDeVeldecc.kuleuven.ac.be)
Date: Fri Oct 03 2003 - 04:12:27 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I want to thank you for this opinion, at least there _are_ people who
don't stick to the theory, but see the pracitical implications as well.
guido

Greg A. Woods wrote:
> [ On Thursday, October 2, 2003 at 10:23:20 (+0200), Guido Van De Velde wrote: ]
>
>>Subject: Re: Sender access restrictions by connecting back to the MX/A server(s)
>>
>>I understand this can all be true, but I do not agree completely. There
>>are several circumstances where the mx of a from-address is not
>>available at the time of sending the message.
>
>
> Indeed -- there are more than several situations when the sender's
> mailer may not be available!
>
> That is the main reason why I do not condone active verification of
> sender addresses during the initial SMTP delivery attempt (or even the
> implementation of such features for optional use -- such things are
> irresponsible mechanisms that should not be made available to ignorant
> people).
>
> On the other hand the DNS for the sender address domain really should be
> available at all times (because the DNS for any valid domain is expected
> to always be available at all times), but the mailer for that domain
> need not be available 100% of the time.
>
> (and if any one of the nameservers for the domain is available then the
> DNS for that domain must be valid -- i.e. have the correct form and meet
> all the requirements and restrictions for the given record types, etc.)
>
>
>>If you're not able to bounce back, the mail is lost. Bad luck for the
>>sender. If the sender wants a garantee about delivery or a bounce
>>message, he should have used a correct from-address. But isn't that his
>>choice ?
>
>
> It is indeed bad luck for the sender to not have used a valid sender
> address -- however the message is now the _responsibility_ of the mailer
> currently holding the message. Accepting a message by way of SMTP means
> accepting the responsibility to either deliver it to the recipient
> mailbox(es) or to return it to the sender. If one knows in advance that
> the sender address is invalid (the DNS is broken, or attempts to send
> bounces to that address have failed in the past, or perhaps even just
> that the sender's domain is listed by rfc-ignorant.org) then it's not
> very wise to accept responsibility for delivering any message from that
> sender.
>
>
>>They should check the sending client (ip), not the sending emailaddress,
>>and also communicate with the client's systemadmin in case of problems.
>> Every from-address can be faked.
>
>
> While both your statements are true (the sending client should be
> verified, and sender addresses can be forged), the issue here is whether
> or not a bounce can be returned to the sender. If one knows for certain
> that bounces are undeliverable to a given address then it's not very
> wise to accept responsibiltiy for any message sent from such a broken
> address.
>
> However as I say it's not possible to discover instantaneously whether
> or not an address is invalid -- it takes many days of regular retries
> before one can be certain enough of such a thing. Sender address
> verification should always be done after the fact, not during initial
> delivery attempts. The results should only ever be used for future
> delivery attempts, not an initial delivery attempt.
>
>
>>A regular mail with from like guidoNOSPAM.org to my home-mailbox is
>>bounced/refused, but a flame I send with a from=wietsporcupine.org is
>>accepted ??? Is that what we want ?
>
>
> In the traditional physical postal system the sender pays and so if the
> sender wishes to thrown his money away by not using a valid return
> address then it's only his loss. The recipient does not have to accept
> responsibility for final delivery of the letter, nor does the recipient
> have to bear at least half the cost of receiving the letter.
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]