Re: ISP phishing

[william(at)elan.net]

On Wed, 29 Jun 2005, Suresh Ramasubramanian wrote:

> On 29/06/05, william(at)elan.net <william@elan.net> wrote:
> > Another issue is that are doing the forwarding are the ones that
> > are most often least maintained as far as upgrading software and
> > enabling new SMTP features. As a result an idea that we will ask
> > all forwarders to change and identify themselves in forwarded mail
> > can not happen as quickly as path authentication proponents want.
> Please name a few names on just who is not enabling "new smtp features"
>
> And what "smtp features" you'd like enabled.  RFC 2822 / ESMTP hasnt
> changed all that much, and then there's SES, which if you call an SMTP
> feature, I'd beg to differ on that ..
DSN are not supported and that is important as far as forwarding goes.
8BITMIME and BINARYMIME are rarely supported.

Also don't confuse SES with SRS. SES is specification of crypt signatures
in RFC2821 MAILFROM and should not be added by forwarders.


As to who, I don't want to put names but many (I'd go as far as to say
majority, but we'd need statistical study) university forwarding servers
for alumni forwarding run smtp software 5+ years old (they don't really
need much more then just to look at aliases of forwarding db and send
email further - once setup this system works for long time). Many small 
companies with email forwarding setup forwarding setup for few old 
employers or for subdivisions they previously bought also have problems.

BTW - I happened to know person who has setup email forwarding for his
department in major university in st.louis on sparc2 12 years ago.
It is still working as far as I know! Last mail software update on it
I believe was made 5 or 6 years ago when open relaying was disabled.

--
William Leibzon
Elan Networks
william@elan.net