1 |
On Thu, Aug 20, 2020 at 9:39 PM Caveman Al Toraboran |
2 |
<toraboracaveman@××××××××××.com> wrote: |
3 |
> |
4 |
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ |
5 |
> On Thursday, August 20, 2020 11:41 AM, antlists <antlists@××××××××××××.uk> wrote: |
6 |
> |
7 |
> > Will that python script allow for the situation that the message is |
8 |
> > received, but the message was NOT safely stored for onwards transmission |
9 |
> > before the receiver crashed, and as such the message has not been |
10 |
> > SUCCESSFULLY received? |
11 |
> > |
12 |
> > SMTP has lots of things specifically meant to ensure messages survive |
13 |
> > the internet jungle on their journey ... |
14 |
> |
15 |
> thanks for the point. would it suffice if we have |
16 |
> these notifications: |
17 |
> |
18 |
> 1. receipt by final mail server (mandatory). |
19 |
> 2. receipt by end user(s) (optional). |
20 |
> 3. opening by end user(s) (optional). |
21 |
> |
22 |
|
23 |
I don't really want to get into the gory details and have only skimmed |
24 |
the discussion, but my sense is that you're talking about a new way to |
25 |
deliver mail that makes two sorts of changes: |
26 |
|
27 |
1. Modernizing the actual data exchange using http/etc. |
28 |
2. Changing the model around email moving to something more |
29 |
PKI-based/etc and redefining what an email address is. |
30 |
|
31 |
This stuff can be interesting to discuss, but email is SO entrenched |
32 |
that I don't see any of this changing because of all the legacy |
33 |
issues. You would need to offer something that is both easier and |
34 |
better to use to such a degree that people are willing to change. |
35 |
|
36 |
However, I'll comment on both of these issues: |
37 |
|
38 |
1. Modernizing the actual data exchange using http/etc. |
39 |
|
40 |
I don't think you'll get much argument that SMTP isn't the way |
41 |
somebody would do things if they were designing everything from |
42 |
scratch. I'm not an API expert but I imagine that just about any of |
43 |
the modern alternatives would be an improvement. http would be a |
44 |
pretty likely protocol to handle the transportation, likely with |
45 |
something like JSON/xml/etc carrying the payload. You might want to |
46 |
tweak things slightly so that recipient validity can be tested prior |
47 |
to transferring data. A mail server doesn't want to accept a 20MB |
48 |
encrypted payload if it can bounce the whole message based on the |
49 |
recipient or a non-authenticated sender or whatever. However, in |
50 |
principle there are plenty of modern ways to build a transport |
51 |
protocol that would be an improvement on SMTP and use more standard |
52 |
libraries/etc. |
53 |
|
54 |
I think this is actually the part of your proposal that might be more |
55 |
likely to take off. You could have a new type of MX field in DNS and |
56 |
if it is set then it defines servers that will use the new protocol, |
57 |
and you could have backup SMTP servers for legacy transition. You |
58 |
could change the transport side of things without redefining how email |
59 |
works, so the same messages are interoperable with both systems. |
60 |
|
61 |
On the flip side, while I think this is an easier change to make, I |
62 |
don't think it necessarily offers huge improvements. SMTP still gets |
63 |
the job done, and the new system wouldn't really be a major |
64 |
improvement from a sysadmin standpoint, so I don't see everybody |
65 |
running out to change. Just changing the transport protocols doesn't |
66 |
provide any anti-spam/etc benefits. SMTP already supports TLS so it |
67 |
isn't any more secure. No doubt if we were starting from scratch this |
68 |
is how it would be done, but it isn't enough of a reason to change. |
69 |
That said, if there were even modest benefits for large mail providers |
70 |
I could see it taking off simply because it could leverage a lot of |
71 |
existing libraries and standards, and could have legacy compatibility. |
72 |
|
73 |
2. Changing the model around email moving to something more |
74 |
PKI-based/etc and redefining what an email address is. |
75 |
|
76 |
This is where you could have revolutionary improvements for |
77 |
privacy/spam/etc. However, it completely breaks everything that |
78 |
exists with email today, so it is a hard change. Most of the benefits |
79 |
only accrue if you adopt PKI as well, which is a problem that is hard |
80 |
to scale out to the masses. |
81 |
|
82 |
If somebody comes up with a way to make PKI take off in a real way, |
83 |
then I could see something like this taking off eventually. |
84 |
Otherwise, this stuff is only going to be of interest to the sorts who |
85 |
use gpg to sign their email, and nobody else. |
86 |
|
87 |
-- |
88 |
Rich |