Draft specification for future X-Trace header

Olaf Titz olaf at bigred.inka.de
Thu Jul 6 09:00:12 UTC 2000


>  >The problem is precisely that you can't count on all gateways to
>  >behave well.
> And why would you count on all gateways supporting X-Trace?

I don't. If I, at my gateway, insert the original MID at a point
likely to survive further gating, then I can compare the message
against the known ID when it loops back to my site. The only
expectation here is that the new header goes through the gateways
unmolested (this may fail on Fidonet but everything else fails at
Fidonet too, I'm primarily thinking of RFC 822 mailinglist systems).

>  >(Some incoming messages even don't have a Message-ID at all.)
> Just hash the body in a standard way.

That would be another option, but it tends to being fragile. Think of
the Lines header and truncated articles, think of those mail systems
which always append a newline, etc.

> Cool. So spammer would just add a bunch of X-Trace headers and let
> people pick the right one...

That's the same situation as with the Received header in mail.
Spammers may insert any number of bogus ones, but they can't stop the
system from inserting the right one as well. And spam will be
identified by the rate-limiting mechanism (cleanfeed), comparing just
_one_ of them.

Spam handling has to move away from complaints and retroactive
cancelling to automatic detection and blocking in any case.

(Okay, that conflicts a bit with the "no rejection in history"
provision. I'll have to rethink that.)

>  >> POST newsfeeds are evil.
>  >But in the real world you can't avoid them. There is no other way for
> This is not true. Nobody will accept your argument for allowing them.

Then tell me how I, as an ordinary citizen with a standard ISP
connection (i.e. no transfer permission and no UUCP), can hand the
postings made on my own INN (or Diablo, etc.) system to the ISP's
server without using POST feeds. "Don't use INN" is not an option
either, this is not even a leaf node.

Olaf

PS. Actually I do have UUCP and this is an important part in my choice
of ISPs, but that is rather expensive and not an option for the mass market.




More information about the inn-workers mailing list