IPv6 isn't SMTP

Barry Shein bzs at world.std.com
Thu Mar 27 19:06:15 UTC 2014 

On March 27, 2014 at 08:51 blake at ispn.net (Blake Hudson) wrote:
 > >
 > The primary issues I see with SMTP as a protocol related to the lack of 
 > authentication and authorization. Take, for instance, the fact that the 
 > SMTP protocol requires a mail from: and rcpt to: address (more or less 
 > for authentication and authorization purposes), but then in the message 
 > allows the sender to specify a completely different set of sender and 
 > recipient information that gets displayed in the mail client.

This is mostly a UI issue. The user interface could show anything,
custom certainly has been as you describe: Show the message From: and
make it tricky (for most people) to get the envelope info.

Well, it's not mandatory that an MTA transmit the envelope info into
the message headers and, almost worse, different MTAs seem to use
different header fields for this. For example in SpamAssassin you are
encouraged to set which field it should look at for the envelope
sender.

But that's not REALLY a problem with SMTP per se. Only in practice, if
that's a useful distinction.

I won't go point by point but I will say that SMTP has been extended
several times -- just throw another verb into the mix to extend it.

Which is a very useful observation. SMTP also can transmit which verbs
are supported. One can extend a new idea and it's immediately
interoperable.

I suppose the obvious question is: What's to stop a spammer from
putting a totally legitimate key into their spam?

You also need some sort of reputation layer. Or maybe that makes it
unworkable.

I remember at the 2006 MIT Spam Conference where Eric Allman and I
were keynotes we got into a bit of a tussle over exactly this during
his question period. It was...amusing!


-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*

More information about the NANOG mailing list