On Wed, 07 May 1997 16:14:03 -0400 Brad Knowles <BKnowles @
>> All you have to do then is ignore the source route, which is allowed
>> by RFC1123. I cannot think of any reason why ignoring the source route
>> would not address your concerns.
> See my previous response. I don't feel I have anything more to say
>on that subject than I've already said.
I must be dumb then, because I don't see anything in your previous
message which explains why you can't just ignore the source route per
RFC1123. What I did read your previous message is that honouring the
source route creates a problem for you because spammers have used it to
request that bounces be sent through a system whose SMTP port is always
down, which I imagine would create quite a big queue for you. Obviously
if you ignore the source route this no longer happens. Equally obviously,
spammers can use a MAIL FROM: address pointing to a cisco but without a
source route, or they can use the percent-hack. This looks like a
non-solution with the side effect of discarding legitimate mail. Where I
come from, this is called a Bad Thing.
> Source routes in the domain portion are inherently evil beyond
>reproach, and there's nothing you can do to convince me that they should
>not be rejected out of hand. Any system that actively propagates this
>kind of behaviour is likewise inherently evil. Any system that passively
>allows this kind of behaviour needs to be fixed.
Well Brad, just don't get all surprised the next time the usual AOL
bashing gang flames you :-) They are usually wrong, but this time they
will be right.
> However, this is a particular behaviour that has been deprecated for
>at least six years (RFC 1123, section 5.2.6, as clearly pointed out by
>Valdis), and it's time that it went completely away.
Fine, but the part I don't really understand here is why AOL's customers
should suffer because of Brad Knowles' personal crusade against source
routes. Until I hear a TECHNICAL explanation for why AOL cannot comply
with RFC1123 and throw away the source route part, I will remain of the
technical opinion that AOL customers have nothing to gain and everything
to lose from this decision. I am perfectly willing to admit that I was
wrong if I hear a compelling technical argument, but right now all I've
heard is that it would threaten AOL's operations for reasons that have
already been stated, except I just can't seem to find or understand these
reasons. Come to think about it, you can actually prove the opposite. If
it is possible to severely impact AOL by sending a spam message with MAIL
FROM:<@xxx:yyy> that AOL would internally convert to MAIL FROM:<yyy>,
then obviously it is possible to severely impact AOL by sending the same
spam message but with MAIL FROM:<yyy>, which AOL does accept. Yes?
> Whatever the L-Soft system is that can potentially generate
>source-routed envelope addresses, I would like to make sure that current
>and future versions have that feature default to "off" (which appears to
>already be the case, given your other comments).
Yes, this has been the case for years. I doubt more than a handful of
sites still have the old settings.
> There is nothing in any law that requires me (or my company) to pay
>to accept messages that are in a format (and/or quantity) such that they
>threaten the very existance of my property (or the property of my
Well, if the one sender, 2-3 legitimate recipient messages in question
threaten the very existence of your property, I think you need to upgrade
to less vulnerable property :-) Anyway, sure, I'm happy to concede that
you have the legal right to throw away any and all mail addressed to AOL,
just as Compuserve's marketing department has the legal right to organize
a party to rejoice over the opportunities that you have opened for them
today. This discussion is clearly not going anywhere and unless it gets
more technical quickly I suggest we all go home and forget about it.