incoming mail without information in the from, to, subject fields

Discussion in 'Computer Security' started by Doug Fox, Apr 17, 2004.

  1. And even the original RFC 822 said that the From: header was required.
    Section 4.1 says:

    fields = dates ; Creation time,
    source ; author id & one
    1*destination ; address required
    *optional-field ; others optional

    And Appendix A.3.1 says:

    A.3.1. Minimum required

    Date: 26 Aug 76 1429 EDT Date: 26 Aug 76 1429 EDT
    From: or From:
    Bcc: To:

    Note that the "Bcc" field may be empty, while the "To" field
    is required to have at least one address.
    Barry Margolin, Apr 22, 2004
    1. Advertisements

  2. ...and 4.4.1 seems to give alternatives..

    Hairy One Kenobi, Apr 22, 2004
    1. Advertisements

  3. True about the older RFCs.. personally, I'm a little agin 2821 - for one
    thing, it'll cause complete email chaos when a virus gets released (uh
    huh..), for another it dumps the SEND function for no other reason that
    noone else seems to have thought about using existing protocols for instant
    messaging ;o)

    Seem to remember that this got thrashed out on the NTL froup? There was a
    minor disagreement as to whether a "domain" was the fully-qualified host or
    not. 'Twas a while back, admittedly..

    Hairy One Kenobi, Apr 22, 2004
  4. "no other reason"? How about the fact that virtually no SMTP
    implementations support it? None of the IM implementations make use of
    it, they developed protocols tailored to that application. Do you think
    someone is suddenly going to say "Shit, we've wasted all that
    development effort, we could be using SMTP's SEND command!"
    Barry Margolin, Apr 22, 2004
  5. Nope. Would have been nice if someone had looked beforehand, though. Or have
    you never come across an organization using IM internally, usually with no
    idea that the function is already built-in to the OS?

    And, yes, I implemented it in my own server for a reason.. ;o)

    Hairy One Kenobi, Apr 23, 2004
  6. But since none of the common SMTP clients/servers actually implemented
    the SEND mechanism, it *wasn't* already built-in to the OS.

    And is SMTP's SEND feature really sufficient and/or appropriate for a
    useful IM network? You also need a rendezvous protocol to detect when
    your buddies are on-line, find their address, etc. Since you have to
    design a new protocol for this, it may be simplest to incorporate the
    message sending into it as well, rather than using the heavy-weight SMTP
    protocol for it.
    Barry Margolin, Apr 23, 2004
  7. ?

    Usually called something like "talk", "chat", "send", or whatever. Even NT
    3.0 implemented it, IIRC. Most "modern" Windows users would probably be
    happier if I called it "net send" or "winpopup", though ;o)
    Depends on how far you go into it, I guess. For my own part, most commercial
    systems such as helpdesks, groupware, etc. just need a simple "pop it up if
    they're logged-on, queue it if they ain't" approach:

    SOML FROM: <>
    RCPT TO: <>
    Hello World


    Seems fairly lightweight to me.. funnily enough, helpdesk usage was what
    spurred me on in the first place.

    Hairy One Kenobi, Apr 23, 2004
  8. But it doesn't really fit in at all with the modern client-server
    approach to mail reading, where users are not generally "logged in" to
    the server. The SEND facility is a relic of the days when timesharing
    systems were prevalent.
    Barry Margolin, Apr 23, 2004
  9. True, but that doesn't necessarily make it less relevant - with helpdesks
    (in particular), the challenge has been to move /away/ from continuously
    connected two-tier to a central host and discontinuous protocol.

    Or, in other words, a Web server and HTTP.

    The main reason I added the facility was for my never-quite-started HTTP
    helpdesk project - I've yet to come across an HD/CRM systems that does
    anything more than limp along as far as the Web and email are concerned..

    Specialised stuff, I know, but..

    Hairy One Kenobi, Apr 24, 2004
  10. Doug Fox

    Don Kelloway Guest

    Don Kelloway, Apr 29, 2004
  11. Doug Fox

    Don Kelloway Guest

    Whoa! 110 baud?

    My first was a 300 back in the early 80's. I used it for Usenet, Gopher
    and BBS's. Gawd! I certainly don't miss those phone bills! Of course
    it wasn't until a year later that I *upgraded* to a 1200 and began
    hosting my own BBS! Whew what a difference that made. ye-haw!

    Best regards, Don Kelloway
    Commodon Communications

    Visit to learn about the "Threats to Your
    Security on the Internet".
    Don Kelloway, Apr 29, 2004
  12. Doug Fox

    Alan Connor Guest

    Don. You already responded to this post, and my filter informs me
    that your signature is still over-sized.

    (I didn't read your first reply either, for the same reason.)

    Fix it or I'll never read one of your posts again.

    And please, tell all of us why you regard yourself to be exempt
    from the Netiquette.

    You can fit a lot of information in four lines. 99.999% of the
    people on the Usenet have no problems with 4 lines.

    Signatures are supposed to be *signatures*, and not intrusive.

    If you have something important to say, put the URL in your
    sig. Websites can be obtained for FREE, and most ISPs offer
    at least one for free with standard accounts. Basic HTML
    is childsplay.


    paste text document here


    That's it. A complete web page.

    You see, Don, when someone has a signature like yours, one
    always gets the feeling that they are responding just to spread
    whatever information is in that signature around, not because
    they are particularly interested in the subject at hand.

    Have a good one. You will not receive any reply of any kind
    from me again. I do not like giving people like you the excuse
    to continue with their advertising campaign.

    But you do deserve a careful explanation and this is it.

    Alan Connor, Apr 29, 2004
  13. Doug Fox

    N1POP Guest

    [snipped all off-topic bits]

    Nothing left.
    N1POP, Apr 29, 2004
  14. Doug Fox

    Don Kelloway Guest

    You're filter is broken and you're complaining about others? tsk, tsk,

    The complimentary closing *AND* signature I've been using contains 19
    words, or 125 characters (no spaces), or 142 characters (with spaces).
    If I place the closing above and the signature below (as demonstrated
    below) then my signature contains 13 words, or 80 characters (without
    spaces), or 92 characters (with spaces). Would this approach meets your
    filter's simplistic logic?

    Regardless of what I choose to do with my signature it fails to address
    the fact that the signature you've been using contains 24 words, or 199
    characters (no spaces), or 230 characters (with spaces). Please fix it
    or I'll never read one of your posts again.

    Hey. Can your filter block you from posting? I think I'm beginning to
    understand why there are many people who'd like to see that happen.
    Yes, you can fit a lot of infomation in four lines and you have
    obviously chosen to do so. All twenty-four words which consist not of
    just one URL, but THREE!

    And at what point does a signature become intrusive? When it has one
    URL or three? Regardless I bet you thank your stars for tinyurl
    otherwise you'd be looking at 28 words, or 295 characters (without
    spaces) or 325 characters (with spaces) in your signature!
    I did place an URL (one URL) in my signature, but you are right about
    HTML being child's play and I couldn't agree with you more. Especially
    after having viewed the URLs in your sig. BTW you should probably
    consider removing the ability for one to browse the directory structure
    on your website. Otherwise it can lead to bad things.

    BTW - I'm unsure of your intent behind the "Rudimentary Web Design"
    comment, but if it's by chance directed towards me as I suspect it might
    be after your 'training wheels' attempt to demonstrate your prowess at
    writing HTML. You should probably know that not only do I design and
    host my website through an Earthlink Business account, they mirror it
    because of it's content and the amount of traffic directed to it. Not
    bad for site that's ahem, rudimentary designed?
    I believe I responded in great detail to the OP and offered step-by-step
    instructions to accomplish the task requested. I think this is highly
    indicative of my level of participation whereas your participation has
    offered nothing. If anyone is looking to spread their signature around
    I think it would be you as demonstrated thus far.
    Advertising campaign? How difficult it must be for you to live in a
    glass house.

    Best regards,
    Don Kelloway
    Commodon Communications
    Don Kelloway, Apr 29, 2004
  15. The netiquette guidelines are in terms of lines, not words or
    characters. RFC 1855 recommends keeping signatures to 4 lines.
    However, this RFC is informational, not a protocol specification that
    must be followed rigidly. And even this particular one is somewhat

    - If you include a signature keep it short. Rule of thumb
    is no longer than 4 lines. Remember that many people pay for
    connectivity by the minute, and the longer your message is,
    the more they pay.

    It's just a "rule of thumb", not a hard rule. I find it incredible that
    someone would be so pedantic that they would filter out your simple,
    6-line signature. The "intrusive" sigs that prompted the guideline are
    the ones with annoying ASCII art, or long political missives. If I
    filtered on signature length, I wouldn't think of using a threshhold
    less than 10 lines.
    Barry Margolin, Apr 29, 2004
  16. [deleted]

    Not that I am an AC-fan (OTOH, aren't most fans AC-fans? :)), but in
    this respect AC is right. The GNKSA (Good Net-Keeping Seal of Approval,
    see <, the standard which is honored by most
    newsreader authors and users, says this on the subject:

    S> 15) Separate signatures correctly, and don't use excessive ones
    S> Posting software SHOULD separate any signature appended to outgoing
    S> articles from the main text with a line containing only `-- ' ("dash
    S> dash space"). To quote son-of-rfc1036:
    S> <<If a poster or posting agent does append a signature to an
    S> article, the signature SHOULD be preceded with a delimiter
    S> line containing (only) two hyphens (ASCII 45) followed by
    S> one blank (ASCII 32). Posting agents SHOULD limit the
    S> length of signatures, since verbose excess bordering on
    S> abuse is common if no restraint is imposed; 4 lines is a
    S> common limit.>>
    S> Hence, posting software SHOULD prevent the user from using excessively
    S> long signatures, or at least warn the user against it. A widely
    S> accepted standard is the so-called McQuary limit: up to 4 lines, each up
    S> to a maximum of 80 characters.
    S> Rationale: Being confronted with (possibly excessively long) signatures
    S> repetitively is, or can be, annoying to many. Being able to separate
    S> the main text and the signature clearly is important, not only to
    S> prevent the possible mistake of misinterpreting a signature, but also to
    S> enable automatic signature suppression for those who wish to do so.
    Frank Slootweg, Apr 29, 2004
  17. Doug Fox

    Don Kelloway Guest

    Then I must concede and beg forgiveness for my inappropriate signature.
    Let it be stated that from this point forward it shall read as it is
    reflected below. Though the only difference is that I've separated the
    complimentary closing from it.

    Best regards,
    Don Kelloway
    Commodon Communications
    Don Kelloway, Apr 29, 2004
  18. Doug Fox

    Don Kelloway Guest

    How often have we all seen this particular topic discussed? Two or
    three thousand times? LOL Often it bubbles up in the middle of a
    thread by someone who contributes nothing else other than to cite their
    feelings on the subject. Reminds me of the never ending ST vs. SW, Kirk
    vs. Picard, etc.

    But yes, you are right. The recommendation is to keep signatures to 4
    lines and as you've noted, the real reason to prompt it was to help
    minimize the cost incurred to the reader because of those who would use
    ASCII art, long political missives, etc.

    re: It's just a "rule of thumb", not a hard rule.

    Thank goodness for these gray areas in life. Otherwise we'd all be
    buried in citations for doing 70mph on the highway. <LOL>

    Of course if I am to comply with the recommendation, it seems readily
    apparent that all I would need to do would be to separate the
    complimentary closing from the rest and voila!

    Best regards,
    Don Kelloway
    Commodon Communications
    Don Kelloway, Apr 29, 2004
  19. Doug Fox

    Alan Connor Guest

    <shock> Tell me it isn't so!!


    Thanks Frank. I seem to have misjudged you. Sorry.

    Alan Connor, Apr 29, 2004
  20. No problem, Alan! We just happen to agree on this subject (sig-size)
    and disagree on others (most notably CR systems in general and yours in
    particular), but that is no problem. There is no rule on Usenet which
    says that we should always agree. OTOH, I disapprove of your method of
    calling your CR-'opponents' idiots, spammers, etc.. *That* only make
    *you* look bad. I.e. discuss things in a reasonable way or just (try to?
    :)) ignore the postings/responses. I hope this feedback is of some use
    to you. Please be assured that it is well meant. Thanks.

    Frank Slootweg, Apr 30, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.