[Mimedefang] GMail (was Re: stripping Received headers based on authentication)

Les Mikesell lesmikesell at gmail.com
Wed Feb 17 15:50:52 EST 2010 

On 2/17/2010 1:47 PM, David F. Skoll wrote:
> (Why do I get sucked in? :))

Because you would be equally pedantic if you thought someone else was 
misinterpreting and abusing an RFC...

>>> No.  You misunderstand.  The web *server* is the email gateway.  It
>>> gateways mail *from* the browser (using HTTP) *to* the Internet (using
>>> SMTP).
>
>> Gateways need something on both sides to participate.
>
> Yep.  On one side: The Web browser.  On the other side: The rest of
> the Internet.  Why is that so hard to understand?

It is not a non-internet mail system running inside my browser - which 
is what the RFC covers.

> No.  It originates as email from withing the browser.  You may claim
> it's some black-box blob of data, but everyone who uses webmail will
> disagree.  Stop someone and say "What are you doing?"  He/she will say
> "Writing an email", not "filling in a form that the browser carries
> blindly and that turns into an email on the server."

No one thinks they are using a non-internet email system that runs 
inside their web browser or on their own machine - unless maybe they'd 
think facebook runs inside their laptop too.

> And if you ask Joe Brennan what he's doing, he'll say "Composing an
> email on machine x.y.z.w that's running Pine".  And if you ask a
> knowledgeable Thunderbird user with a remote X display what he's
> doing, he'll say "Composing an email in Thunderbird running on machine
> x.y.z.w."  It's clear to everyone where the real action is happening.

Just as clear as it is that there is no mail system running inside my 
browser and no gateway operation from one mail system to another 
happening as I post.  A person who would understand thunderbird running 
remotely would equally understand that gmail does not run on his local 
machine.

>> Partly both I suppose, but I don't like people interpreting RFC's oddly
>> to support their own agenda,
>
> You and Gmail are the only ones with this interpretation.  Other
> Webmail providers (Yahoo, Hotmail) and Webmail software (Squirrelmail;
> Horde) use my interpretation.  So I submit that you are the one
> interpreting the RFC oddly.

Just because they add a header doesn't mean an RFC requires it - or at 
least not that RFC.

> Here's the thing: Between the Google Webmail server and the client's
> Web browser, there is an interface between two administrative domains.
> Google doesn't own the Web browser (yet!), but it does own the Web
> server.
>
> For tracing purposes, it is desirable (I would say mandatory) to track
> the flow of email across this interface.

I don't necessarily disagree, I just don't think the gateway-related RFC 
applies here.

> Generally speaking, between an X client and an X server, or between an
> SSH client and an SSH server, there is not an interface between two
> administrative domains.  So apart from the fact that the SMTP gateway
> *cannot* report the client's IP, there's *no need* for it to do so.
> (If people started offering public-access Pine-over-SSH or
> public-access Thunderbird-over-X, I would change my position.)

I have an ssh account on a remote machine under approximately the same 
terms as my gmail mail account.  I don't see any point here or any 
difference in originating mail from a program on that machine or the 
gmail program displaying in my web browser.  They both originate under 
my credentials on the remote server and have no relationship to the 
keyboard where I'm typing.

>> As an email admin you have the right to discard email whimsically.
>
> It's not whimsical at all.  Google is suppressing critical information
> showing the flow of email from one administrative domain to another.
> This is purely evil and utterly unjustifiable.

OK, but that is unrelated to the RFC - and a matter of opinion since it 
is really a remote display from the administrative domain where the mail 
originates.  Anyway, I don't like web mail interfaces and almost never 
use it to access gmail.  How do you process mail that came through a 
gmail account from a user interface that submits via SMTP where the 
appropriate Received: line is added (coming from thunderbird, I see both 
my private and NATted address in there)?  If you drop that, who is doing 
the evil and unjustified thing?

-- 
   Les Mikesell
    lesmikesell at gmail.com

More information about the MIMEDefang mailing list