Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Complaint of the week: Ebay abuse mail (slightly OT)

  • From: Jason Robertson
  • Date: Mon Aug 04 12:50:28 2003

Also the fact that the transition time would require many companies to 
run 2 or more protocols.  And simply put the majority of SMTP isn't 
bad, if fully implemented as a single standard and implemented by 
vendors and developers.

But the idea isn't bad, but may have massive cost additions, if you are 
going to authenticate servers, we would basically be better off to run 
a FIDONET netmail configuration, where you must register to a 
controlling party, but then that may mean a monthly charge.

Though I do have my own proposal sitting ontop of SMTP, and used 
initially as something to determine the level of filtering to do, it 
would reduce requirements on dns queries to various rbl's.

It will also validate headers and each host along the way.

Another thing that I am putting in the ID.. is standard error message 
formats, it would make life easier for maillist owners, there is one 
mail server that sends back only the account name of an invalid 
mailbox, without a domain or email address to help even figure which 
message failed.

Jason

On 4 Aug 2003 at 12:16, Valdis.Kletnieks@vt.edu wrote:

> On Mon, 04 Aug 2003 13:38:37 BST, Michael.Dillon@radianz.com  said:
> 
> > The web of trusted email servers would use a new and improved mail 
> > transfer protocol (NIMTP) that would only be used to exchange email 
> > between trusted servers. Users could continue to use authenticated SMTP to 
> > initiate the sending of email, but nobody would accept any unauthenticated 
> > SMTP servers any more.
> 
> And this would deploy how?  In particular, consider the following questions:
> 
> 1) What *immediate* benefits do you get if you are among the first to deploy?
> (For instance, note that you can't stop accepting "plain old SMTP" till
> everybody else deploys).
> 
> 2) Who bears the implementation cost when a site deploys, and who gets the
> benefit? (If it costs *me* to deploy, but *you* get the benefit, why do I want
> to do this?)
> 
> 3) What percentage of sites have to deploy before it makes a real difference,
> and what incremental benefit is there to deploying before that? (For any given
> scheme that doesn't fly unless 90% or more of sites do it, explain how you
> bootstrap it).
> 
> 4) Does the protocol still keep providing benefit if everybody deploys it?
> (This is a common problem with SpamAssassin-like content filters - if most
> sites filter phrase "xyz", spammers will learn to not use that phrase).
> 
> If you have a *serious* proposal that actually passes all 4 questions (in
> other words, it provides immediate benefit to early adopters, and still
> works when everybody does it), bring it on over to 'asrg@ietf.org'.
> 
> 
> 






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.