Re: Why the out of office messages aren't an example of misconfiguration.
At 02:38 PM 12/29/00 -0500, Perry E. Metzger wrote: Lots of people keep saying "Gee, well, exchange lets you turn off sending out of office messages to the internet. That's the problem -- misconfiguration." Why is this next message NOT an example of misconfiguration? ... It is not an example of misconfiguration because I NEVER SENT ED KLEIN A MESSAGE. I sent a message to an exploder. Maybe, and yes. You DID sent the message and it DID go to Ed. Ed got it from you. Although there is a line of argument that, actually, Ed got it from the mailing list service, the typical end-user view is that the message came from you and that the list service is just a convenient enhancement to the transfer service. (Here I am talking about end-users and not email technical architecture.) That's how we get to the behavior that sends automatic responses to messages. Send them to the From. Without qualification. The error, then, is really that the software has not been made to pay proper attention to a broader range human realities. The rule "if the recipient is not cited in the message header To or CC (and if there is no BCC) then do not sent an automatic response" embodies the distinction between personal mail and bulk mail. It is a heuristic, but a good one. (A local project mailing list might want the vacation notice, but probably not.) So, it is NOT a configuration error, in that the software is doing a user-to-user service, without having the proper behavior for typical user-to-user message situations. MAYBE it is a configuration error in that it might be ok to have a configuration switch controlling this. And that said, it's clear we need a standard covering automated responses. THEN it will quite clearly NOT be a matter of configuration... d/ =-=-=-=-= Dave Crocker [EMAIL PROTECTED] Brandenburg Consulting www.brandenburg.com Tel: +1.408.246.8253, Fax: +1.408.273.6464
Re: Why the out of office messages aren't an example of misconfiguration.
It wouldn't hurt to have a dummy's guide for writing vacation programs that spells out the obvious, such as the fact that an out-of-office notification is an unsolicted, ad hoc DSN. Having thought about this again as a result of the current discussion, I would probably argue that it's closer to an unsolicited, ad hoc, automatically-generated, MDN (in contrast with an MDN that is manually generated on a per-message basis). The reason I would argue this is that vacation notice isn't generated by the mail delivery system, it's generated by a user agent (or at least, something acting on behalf of the user); and that it's an indication of recipient action rather than of any action by the message delivery system. However I would still argue that in the absense of explicit direction on the part of the sender, that a vacation notice (i.e. a notice that the recipient's reading of the message will be delayed) should be returned to the person who sent the message (Sender or Return-path field) rather than to the person or persons on whose behalf the message was sent (From). Using Return-path would also be consistent with RFC 2298 recommendations for automatically-generated MDNs. Keith
Re: Why the out of office messages aren't an example of misconfiguration.
On 29 Dec 2000: I hate to have to give a basic lesson on this stuff on, of all places, Um... There exists concepts like: - mailing list maintainer - mailing list policy - unsubscribe a mailing list member Therefore, the maintainer should JUST DO IT! PS: As a maintainer, I have been using majordomo, ezmlm, as well as eGroups; eGroups is the best! happy y2k++ -- Rahmat M. Samik-Ibrahim - VLSM-TJT - http://rms46.vlsm.org Oops, I did it again... I am not that innocent... [Spears]
Why the out of office messages aren't an example of misconfiguration.
I hate to have to give a basic lesson on this stuff on, of all places, the IETF mailing list, but it appears that some folks around here don't know the details of of mail delivery. Lots of people keep saying "Gee, well, exchange lets you turn off sending out of office messages to the internet. That's the problem -- misconfiguration." Why is this next message NOT an example of misconfiguration? --- Start of forwarded message --- From: "Klein, Ed" [EMAIL PROTECTED] To: "Perry E. Metzger" [EMAIL PROTECTED] Subject: RE: Denial of Service by Spamware? Date: Fri, 29 Dec 2000 14:17:57 -0500 Ed Klein will be out of the office until January 2nd. --- End of forwarded message --- It is not an example of misconfiguration because I NEVER SENT ED KLEIN A MESSAGE. I sent a message to an exploder. The exploder, which has a SEPARATE, DISTINCT EMAIL ADDRESS, SENT THE MESSAGE. It is that address to which any error or automated deliveries should be directed. You see, in SMTP, we have a distinction between ENVELOPE and HEADER. In the From: line in the header, the address [EMAIL PROTECTED] appeared. However, that address doesn't count for mail delivery purposes. Consider the To: line -- it said "[EMAIL PROTECTED]" in the original message, and yet Mr. Ed Klein got the message. Obviously, the To: line didn't tell the mailers where to deliver the message. The From: line doesn't tell you where to deliver automated replies, either! The parts of this that count are not the From: and To: in the visible message headers. They are the "MAIL From:" and "RCPT To:" transaction lines in the SMTP exchange -- the so-called mail *ENVELOPE*. The reason Ed Klein could get this message even though it was addressed "To: [EMAIL PROTECTED]" in the header was because it said his address in the envelope. Similarly, in the envelope, the From: address was the mail address designated to get bounce messages from delivery failures and similar notifications, not MY address. *I* did not send the message to Ed Klein, the mail exploder did. The problem here is that some individual who designed Exchange's "out of office" notification facility did not understand the distinction between envelope and header. Other utilities which serve the same purpose do the correct thing. They will bounce a message to the envelope From: and not the header From: (Some are even more intelligent than that -- they will note that the envelope To: and message header To: (or Cc:) lines are not in accord, indicating a mailing list delivery and not mail personally to the recipient, and bounce NO MESSAGE AT ALL. However, we don't expect intelligent implementation in this case -- just correct implementation.) All it is that many of us are asking about virus notifications, vacation mail, etc. is that it go to the CORRECT place. Sure, it shouldn't be sent at all, but if it is going to be sent, let it at least be sent to the envelope From: and not the header From:. There are a number of other issues, of course. Exchange frequently does not tell you who a bouncing message was sent to (assuming that naturally you'll just know -- the designer never considered mailing lists), and often doesn't include the original message (making it impossible to figure out what message caused the bounce). However, I try to complain about only one serious flaw at a time. Perry