From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Tue May 07 2002 - 13:53:08 CDT
In <3CD632C3.622@xyzzy.claranet.de> Frank Ellermann <nobody@xyzzy.claranet.de> writes:
>- in 6.1 (Reply-To) TLD .invalid should be explicitly mentioned
> as abuse. For examples where TLD .invalid is already used in
> Reply-To headers, see the recent discussions in the newsgroup
> de.admin.net-abuse.mail
Why would you want that? If people want to prevent replies by email, that
is one perfectly reasonable way to do it. Not having seen the discussion
in de.admin.net-abuse.mail, perhaps you could summarize it for us.
>- in 5.2 (From) TLD .invalid should be restricted to clients
> of systems supporting 6.19 (Injector-Info). If that's not
> your intention please add some examples, how 7.3 (Cancel) is
> meant to work in conjunction with TLD .invalid (if at all).
Again, that was never our intention. And I see no conflict in 7.3, because
we no longer require the issuer of the cancel to "appear" to be the same
as the original From/Sender, though he had better add an Approved header
if he is not the same (I did ask on this list, a few weeks back, whether
anybody wished to review that situation, but nobody did.). It may well be
the case that a person who uses the TLD .invalid may find his own cancels
of his own articles not honoured at many sites, but that is his problem.
Granted the intended Security Extension will have to tighten up the
position of cancels, whether by signatures, cancel-locks, or some
combination.
>- in 6.19 (Injector-Info) please add instructions for the use
> of sender=verified in conjunction with TLD .invalid.
Any injector that used 'verified' in conjunction with From: ...invalid
would clearly be lying in its teeth. I would have though that was onvious,
but I could spell it out in a NOTE if people are really bothered.
The whole point about Injector-Info is that injectors SHOULD use it to
provide some means of getting back to the originator, with or without the
aid of the injector's logs according to the method used. I doubt the
sender-parameter will often be used, except on small sites where the
injector and the sender are known to each other.
>The background of these questions is quite simple, some posters
>(in TLH de) are planning to use TLD .invalid a.s.a.p. as a kind
>of miraculous spam block. So at least all technical drawbacks
>SHOULD (or Ought to ;-) be clear.
I don't think there is anything miraculous about .invalid. Certainly, it
needs to be used in conjunction with some not-too-obvious munging.
-- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5