Great Circle Associates List-Managers
(May 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: rejected mail - RFC822 conflict ???
From: Eric Thomas <ERIC @ VM . SE . LSOFT . COM>
Date: Wed, 7 May 1997 22:18:52 +0200
To: KnowlesB @ aol . net, Brad Knowles <BKnowles @ aol . net>
Cc: LSTOWN-L @ PEACH . EASE . LSOFT . COM, LSTSRV-L @ PEACH . EASE . LSOFT . COM, Valdis Kletnieks <Valdis . Kletnieks @ VT . EDU>, Michael Ramundo <sysmrr @ CNSIBM . ALBANY . EDU>, Jeff Kell <jeff-kell @ UTC . EDU>, Pete Weiss <Pete-Weiss @ PSU . EDU>, list-managers @ GreatCircle . COM
In-reply-to: Message of Wed, 07 May 1997 16:14:03 -0400 from Brad Knowles <BKnowles @ aol . net>

On Wed, 07 May 1997 16:14:03 -0400 Brad Knowles <BKnowles @
 aol .
 net> said:

>> All you have to  do then is ignore the source  route, which is allowed
>> by RFC1123. I cannot think of any reason why ignoring the source route
>> would not address your concerns.
>
>    See my previous  response. I don't feel I have  anything more to say
>on that subject than I've already said.

I  must be  dumb then,  because  I don't  see anything  in your  previous
message which  explains why you  can't just  ignore the source  route per
RFC1123. What  I did  read your  previous message  is that  honouring the
source route creates  a problem for you because spammers  have used it to
request that bounces  be sent through a system whose  SMTP port is always
down, which I  imagine would create quite a big  queue for you. Obviously
if you ignore the source route this no longer happens. Equally obviously,
spammers can use a  MAIL FROM: address pointing to a  cisco but without a
source  route, or  they  can  use the  percent-hack.  This  looks like  a
non-solution with the side effect  of discarding legitimate mail. Where I
come from, this is called a Bad Thing.

>    Source  routes in  the  domain portion  are  inherently evil  beyond
>reproach, and there's nothing you can do to convince me that they should
>not be  rejected out of hand.  Any system that actively  propagates this
>kind of behaviour is likewise inherently evil. Any system that passively
>allows this kind of behaviour needs to be fixed.

Well  Brad, just  don't get  all surprised  the next  time the  usual AOL
bashing gang  flames you :-) They  are usually wrong, but  this time they
will be right.

>    However, this is a particular behaviour that has been deprecated for
>at least six  years (RFC 1123, section 5.2.6, as  clearly pointed out by
>Valdis), and it's time that it went completely away.

Fine, but the part I don't  really understand here is why AOL's customers
should suffer  because of Brad  Knowles' personal crusade  against source
routes. Until  I hear a TECHNICAL  explanation for why AOL  cannot comply
with RFC1123 and throw  away the source route part, I  will remain of the
technical opinion that AOL customers  have nothing to gain and everything
to lose from  this decision. I am  perfectly willing to admit  that I was
wrong if I  hear a compelling technical argument, but  right now all I've
heard is  that it would threaten  AOL's operations for reasons  that have
already been stated, except I just can't seem to find or understand these
reasons. Come to think about it,  you can actually prove the opposite. If
it is possible to severely impact AOL by sending a spam message with MAIL
FROM:<@xxx:yyy>  that AOL  would internally  convert to  MAIL FROM:<yyy>,
then obviously it is possible to  severely impact AOL by sending the same
spam message but with MAIL FROM:<yyy>, which AOL does accept. Yes?

>    Whatever  the  L-Soft  system   is  that  can  potentially  generate
>source-routed envelope addresses, I would like to make sure that current
>and future versions have that feature default to "off" (which appears to
>already be the case, given your other comments).

Yes, this  has been the case  for years. I  doubt more than a  handful of
sites still have the old settings.

>    There is nothing in any law that  requires me (or my company) to pay
>to accept messages that are in a format (and/or quantity) such that they
>threaten  the very  existance  of my  property (or  the  property of  my
>company).

Well, if  the one sender,  2-3 legitimate recipient messages  in question
threaten the very existence of your property, I think you need to upgrade
to less vulnerable  property :-) Anyway, sure, I'm happy  to concede that
you have the legal right to throw away any and all mail addressed to AOL,
just as Compuserve's marketing department has the legal right to organize
a party to  rejoice over the opportunities that you  have opened for them
today. This discussion  is clearly not going anywhere and  unless it gets
more technical quickly I suggest we all go home and forget about it.

  Eric


Indexed By Date Previous: Re: rejected mail - RFC822 conflict ???
From: Brad Knowles <BKnowles @ aol . net>
Next: Re: rejected mail - RFC822 conflict ???
From: Brad Knowles <BKnowles @ aol . net>
Indexed By Thread Previous: Re: rejected mail - RFC822 conflict ???
From: Brad Knowles <BKnowles @ aol . net>
Next: Re: rejected mail - RFC822 conflict ???
From: Brad Knowles <BKnowles @ aol . net>

Google
 
Search Internet Search www.greatcircle.com