[Mimedefang] GMail (was Re: stripping Received headers based on authentication)

David F. Skoll dfs at roaringpenguin.com
Wed Feb 17 14:47:53 EST 2010

(Why do I get sucked in? :))

>> No.  You misunderstand.  The web *server* is the email gateway.  It
>> gateways mail *from* the browser (using HTTP) *to* the Internet (using
>> SMTP).

> Gateways need something on both sides to participate.

Yep.  On one side: The Web browser.  On the other side: The rest of
the Internet.  Why is that so hard to understand?

> If it isn't email inside the browser (and it isn't, it is a form
> that the browser displays mindlessly and http carries blindly), how
> can it be a gateway operation?

I'll explain...

> It originates as email from the web application on the server with the
> user's credentials.

No.  It originates as email from withing the browser.  You may claim
it's some black-box blob of data, but everyone who uses webmail will
disagree.  Stop someone and say "What are you doing?"  He/she will say
"Writing an email", not "filling in a form that the browser carries
blindly and that turns into an email on the server."

And if you ask Joe Brennan what he's doing, he'll say "Composing an
email on machine x.y.z.w that's running Pine".  And if you ask a
knowledgeable Thunderbird user with a remote X display what he's
doing, he'll say "Composing an email in Thunderbird running on machine
x.y.z.w."  It's clear to everyone where the real action is happening.

> Partly both I suppose, but I don't like people interpreting RFC's oddly
> to support their own agenda,

You and Gmail are the only ones with this interpretation.  Other
Webmail providers (Yahoo, Hotmail) and Webmail software (Squirrelmail;
Horde) use my interpretation.  So I submit that you are the one
interpreting the RFC oddly.

> and I don't see how anything a browser does can be considered as any
> more than a remote display for a server side application.

Here's the thing: Between the Google Webmail server and the client's
Web browser, there is an interface between two administrative domains.
Google doesn't own the Web browser (yet!), but it does own the Web

For tracing purposes, it is desirable (I would say mandatory) to track
the flow of email across this interface.

Generally speaking, between an X client and an X server, or between an
SSH client and an SSH server, there is not an interface between two
administrative domains.  So apart from the fact that the SMTP gateway
*cannot* report the client's IP, there's *no need* for it to do so.
(If people started offering public-access Pine-over-SSH or
public-access Thunderbird-over-X, I would change my position.)

> As an email admin you have the right to discard email whimsically.

It's not whimsical at all.  Google is suppressing critical information
showing the flow of email from one administrative domain to another.
This is purely evil and utterly unjustifiable.



More information about the MIMEDefang mailing list