| 1 |
On Thu, Aug 20, 2020 at 9:39 PM Caveman Al Toraboran |
| 2 |
<toraboracaveman@××××××××××.com> wrote: |
| 3 |
> |
| 4 |
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ |
| 5 |
> On Thursday, August 20, 2020 11:41 AM, antlists <antlists@××××××××××××.uk> wrote: |
| 6 |
> |
| 7 |
> > Will that python script allow for the situation that the message is |
| 8 |
> > received, but the message was NOT safely stored for onwards transmission |
| 9 |
> > before the receiver crashed, and as such the message has not been |
| 10 |
> > SUCCESSFULLY received? |
| 11 |
> > |
| 12 |
> > SMTP has lots of things specifically meant to ensure messages survive |
| 13 |
> > the internet jungle on their journey ... |
| 14 |
> |
| 15 |
> thanks for the point. would it suffice if we have |
| 16 |
> these notifications: |
| 17 |
> |
| 18 |
> 1. receipt by final mail server (mandatory). |
| 19 |
> 2. receipt by end user(s) (optional). |
| 20 |
> 3. opening by end user(s) (optional). |
| 21 |
> |
| 22 |
|
| 23 |
I don't really want to get into the gory details and have only skimmed |
| 24 |
the discussion, but my sense is that you're talking about a new way to |
| 25 |
deliver mail that makes two sorts of changes: |
| 26 |
|
| 27 |
1. Modernizing the actual data exchange using http/etc. |
| 28 |
2. Changing the model around email moving to something more |
| 29 |
PKI-based/etc and redefining what an email address is. |
| 30 |
|
| 31 |
This stuff can be interesting to discuss, but email is SO entrenched |
| 32 |
that I don't see any of this changing because of all the legacy |
| 33 |
issues. You would need to offer something that is both easier and |
| 34 |
better to use to such a degree that people are willing to change. |
| 35 |
|
| 36 |
However, I'll comment on both of these issues: |
| 37 |
|
| 38 |
1. Modernizing the actual data exchange using http/etc. |
| 39 |
|
| 40 |
I don't think you'll get much argument that SMTP isn't the way |
| 41 |
somebody would do things if they were designing everything from |
| 42 |
scratch. I'm not an API expert but I imagine that just about any of |
| 43 |
the modern alternatives would be an improvement. http would be a |
| 44 |
pretty likely protocol to handle the transportation, likely with |
| 45 |
something like JSON/xml/etc carrying the payload. You might want to |
| 46 |
tweak things slightly so that recipient validity can be tested prior |
| 47 |
to transferring data. A mail server doesn't want to accept a 20MB |
| 48 |
encrypted payload if it can bounce the whole message based on the |
| 49 |
recipient or a non-authenticated sender or whatever. However, in |
| 50 |
principle there are plenty of modern ways to build a transport |
| 51 |
protocol that would be an improvement on SMTP and use more standard |
| 52 |
libraries/etc. |
| 53 |
|
| 54 |
I think this is actually the part of your proposal that might be more |
| 55 |
likely to take off. You could have a new type of MX field in DNS and |
| 56 |
if it is set then it defines servers that will use the new protocol, |
| 57 |
and you could have backup SMTP servers for legacy transition. You |
| 58 |
could change the transport side of things without redefining how email |
| 59 |
works, so the same messages are interoperable with both systems. |
| 60 |
|
| 61 |
On the flip side, while I think this is an easier change to make, I |
| 62 |
don't think it necessarily offers huge improvements. SMTP still gets |
| 63 |
the job done, and the new system wouldn't really be a major |
| 64 |
improvement from a sysadmin standpoint, so I don't see everybody |
| 65 |
running out to change. Just changing the transport protocols doesn't |
| 66 |
provide any anti-spam/etc benefits. SMTP already supports TLS so it |
| 67 |
isn't any more secure. No doubt if we were starting from scratch this |
| 68 |
is how it would be done, but it isn't enough of a reason to change. |
| 69 |
That said, if there were even modest benefits for large mail providers |
| 70 |
I could see it taking off simply because it could leverage a lot of |
| 71 |
existing libraries and standards, and could have legacy compatibility. |
| 72 |
|
| 73 |
2. Changing the model around email moving to something more |
| 74 |
PKI-based/etc and redefining what an email address is. |
| 75 |
|
| 76 |
This is where you could have revolutionary improvements for |
| 77 |
privacy/spam/etc. However, it completely breaks everything that |
| 78 |
exists with email today, so it is a hard change. Most of the benefits |
| 79 |
only accrue if you adopt PKI as well, which is a problem that is hard |
| 80 |
to scale out to the masses. |
| 81 |
|
| 82 |
If somebody comes up with a way to make PKI take off in a real way, |
| 83 |
then I could see something like this taking off eventually. |
| 84 |
Otherwise, this stuff is only going to be of interest to the sorts who |
| 85 |
use gpg to sign their email, and nobody else. |
| 86 |
|
| 87 |
-- |
| 88 |
Rich |
Archives