Re: Sufficient email authentication requirements for IPv6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--On Saturday, March 30, 2013 14:57 +0000 "Livingood, Jason"
<Jason_Livingood@xxxxxxxxxxxxxxxxx> wrote:

>...
> Mail acceptance for IPv4 worked inclusively - receivers accept
> unless IP reputation or other factors failed. IMHO with IPv6
> that model may need to be turned around to an exclusive one -
> so receivers will not accept mail unless certain factors are
> met (like domain-based authentication or the IPv6 address is
> on a whitelist). I'd expect MAAWG will continue to be a good
> place for mail ops folks to work through this stuff.

Without expressing any particular opinion about the above, I
would encourage people to remember that one of the fundamental
design decisions about Internet mail --predating even RFCs
821/822-- has been that messages will either be delivered or
explicitly rejected in a way that produces an NDN to the sender.
There was obviously an exception case when the NDN could not be
delivered, but it was, and remains, rare for
properly-constructed legitimate messages.  Put differently, it
is not a "sometimes works" or "best efforts" service: the sender
has the right to assume that silence implies successful delivery.

Legitimate concerns about "Joe-job" attacks, blowback, and
similar nonsense have created good operational reasons to not
have every undeliverable message generate an NDN.   From the
point of view of a legitimate sender, silence no longer reliably
indicates delivery: it could indicate delivery, silent dropping
of the message for a reason indiscernible to the sender, or. in
rare cases, loss of the NDN.

We specified delivery notifications to permit a sender to get a
higher level of assurance about delivery, but support for them
has always been optional.  If a sender asks for a delivery
notification, no response (and no NDN) can mean that the
delivery notification got lost, the NDN, got lost, or the
message was successfully delivered but delivery notifications
were not supported by the delivery MTA -- a rather ambiguous
situation.

It sometimes feels as if anti-spam efforts are trending in the
direction of its being acceptable to accidentally discard a few
dozen legitimate messages if doing so allows blocking a few
thousand unsolicited/undesired ones.   I hope we never consider
that a good tradeoff but, if we do, the decisions should at
least be made openly and with some degree of community
consensus.  

If we are going to take further steps in the direction of
silently dropping undeliverable or undesired messages, I believe
we need to carefully consider the implications of that change to
the email model and, in particular, whether support for delivery
notifications should be made mandatory or other changes are
needed to keep email as a much more reliable service than, e.g.,
putting messages into bottles and throwing the bottles into
large bodies of water.   We should probably also encourage
requirements that email vendors and providers who consider
discarding possibly-legitimate messages reasonable in order to
reduce spam to disclose that fact to their users, customers, and
the community.

best,
    john








[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]