Re: We need an architecture, not finger pointing.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Oct 28, 2015, at 2:34 PM, Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:
> > On Wed, Oct 28, 2015 at 02:14:23PM -0400, Ted Lemon wrote:
> >
> >> And this is because the SMTP store-and-forward model requires that error
> >> messages be delivered asynchronously, which is another architectural
> >> problem with SMTP.
> >
> >    1.  There is no requirement to always send asynchronous bounces,
> > 	most properly operated mail systems strive to reject
> > 	synchronously rather than accept and then bounce.  Avoidable
> > 	backscatter is frowned upon.
> >
> >    2.  It is not possible to *guarantee* delivery of all mail accepted
> >        for onward relaying.  *Some* asynchronous errors are unavoidable.
> >
> >> If error messages could be delivered at the moment of transmission rather
> >> than later, at least most of the time, this wouldn't be an issue.
> >
> > Most of the time, on properly configured receiving systems, errors
> > are already synchronous.

> This is almost never the case.

Actually, in the SMTP world, it's almost always the case. The majority of email
systems go to *tremendous* lengths to perform all SMTP rejections at the point
of ingress to the administrative domain, because doing anything else
unavoidably creates large amounts of blowback spam. And that's not acceptable
for a bunch of different reasons.

In the very rare cases where a check ended up having to be done somewhere past
the ingress MTA at a site that uses our software, a bug filing was always the
immediate result. And I can assure you we accord such bugs the highest possible
priority, because we're well aware of how serious their effect can be on a
site's reputation.

> Sure, if you send mail to a RCPT TO: that fails, then you can get immediate
> notification, but rejection of attachments generally happens after the mail has
> been accepted and queued.

Interestingly, you're wrong on both counts. SUBMIT-time recipient address
validation is generally only achievable for addresses within an administative
domain. The minute you send to someone outside your ADMD, such validation gets
to be much more difficult for a variety of reasons.

And the same rules apply regardless of your rejection criteria. Intra-ADMD
Messages are rejected based on content analysis at submission time all the
time. Messages destined for other ADMDs are not, because the rejection criteria
are implemented by the other ADMD's servers and are not available to the SUBMIT
server. But in such cases the rejection does happen at the ADMD ingress point.

To put this another way, is it's not the nature of the check, it's who is
performing the check, that determines whether or not it can be done immediately
from the MUA's perspective.

> In order to _bounce_ a message based on content,
> you need to evaluate it before sending the "250 Message Accepted response."  

Yep, and that's exactly what is done. Routinely and at enormous scale.

> There is a valid code for that, which I don’t remember off the top of my
> head, but I don’t know of any MTAs that use it.

For better or worse, the code for the MTAs handling the majority of the world's
email is no longer something you can inspect. But even looking at the open
source world, there are a number of milters with this capability, and there's a
selection of MTAs that support milter.

> The point is that it is possible following the current specs to deliver an
> immediate response in the majority of cases, but that isn’t being done, and
> furthermore MUAs aren’t expecting it, and so probably won’t give the user a
> message that explains to them why the message was rejected.   This is an
> entirely solvable problem, but it is not a solved problem.

Your problem is you're confusing and conflating message submission (SUBMIT) and
relay (SMTP). We now talk about these as separate protocols for a reason.

And as far as MUA handling of various sorts of errors, it really depends on the
mail client. Some clients handle immediate errors well, others do it poorly,
and some are abysmal. By the same token some clients handle nondelivery report
messages well and some do not.

MUAs aren't really my thing, so I can't really talk about what's common
and what isn't in that space.

In any case, the bottom line is you're jumping to conclusions about a vast
infrastructure that's currently handling in excess of a trillion messages a day
based on what appears to be little more than your personal experience. And I
must say if your experience is what you say it is, it's more than a little
atypical.

				Ned




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]