Hacker News new | past | comments | ask | show | jobs | submit login

You don’t seem to understand the standards you are complaining about. You are using mail submission, not relaying. RFC5321 specifically says that it does not cover submission, and defers to RFC4409 (3.6.1) which specifically allows From header rewriting (8.8).

If you’re going to complain about the standards-compliance of other people's services it’s important to understand the standard first.




I discuss exactly this in the article. I even referred to sec. 8.8 (of the current 6409; 4409 is superseded (but 8.8 is the same)).


Yeah but you don’t seem to really grok it.

“ The MSA MAY rewrite local parts and/or domains in the SMTP envelope and, optionally, in address fields of the header, according to local policy.“

Generally MSAs are permitted to do almost anything. Your reading of the RFC which requires MSAs to merely reject instead of modifying messages is not backed by any of the language in the RFC. Essentially, you seem to misunderstand “may” “must” and “should” as used in these documents.


You're extracting one sentence out of several paragraphs. The following paragraph restricts the permissible rewriting, and Google is going beyond what is permitted. If your interpretation differs from mine, that's fine. I don't think you need to support your view by selective quotations and accusing me of not being aware of what I explicitly dealt with.

The meaning of the whole section is clear, and I stand behind what I wrote.


Again, the only thing that seems clear here is that you don't know how to read an RFC. The only "must not" in 8.8 is the prohibition of changing the destination local parts. "must not" appears nowhere else in section 8, and 8 is not strongly prescriptive as it "describes a number of such modifications that are often considered useful". The described modifications are not thought to be exhaustive. Moreover, 5321 describes MSA as "arrangements are private and fall outside the scope of this specification, they are not described here." 5321 does not control MSA and 4409/6409 do not defer to 5321 on any point. 4409/6490 do _refer_ to 5321, of course.

There are only 5 MUST NOTs in 6409 and there are zero SHOULD NOTs. The standard permits the MSA to do pretty much anything it wants to do. I think you should begin by reading 2119 "Key words for use in RFCs to Indicate Requirement Levels".


'The only "must not" in 8.8 is the prohibition of changing the destination local parts.'

That's not even true. If anyone cares about this they should just read the texts. I'm certainly not going to argue this any further. We're looking at the same page and seeing different words.

It actually says this:

"However, only addresses, local-parts, or domains that match specific local MSA configuration settings should be altered"

In other words, the opposite of what you claim. You can keep banging on this if you find it useful, but I'm not going to read any more of your comments.


According to RFC2119, which defines these terms, "should" and "should not" are recommendations with the caveat that individuals not following said recommendations need to understand the full implications what they are doing.

On the other hand, the words "must" and "must not" specify absolute requirements and prohibitions of the standard, respectively.


I think the confusion comes from parsing the poorly worded "only X should be altered" which doesn't really make it clear how the "should" applies.

The clear wording would be "... should only alter X" which makes it clear that altering things other than X needs be be done with full understanding of the implications.


I know nothing about these RFCs, but this seems trivial to clear up with a reference to the text. Here's RFC6409 section 8.8: https://tools.ietf.org/html/rfc6409#section-8.8. There is exactly one "MUST NOT" and it looks like it only prohibits what your parent said it does.


There seems to be an idea floating around that anything at all is permitted under the RFC for MSAs unless it is specifically prohibited using the phrase "must not", regardless of context and other guidance in this RFP and the other RFPs that refer to it. Perhaps this is true. I have a sincere question for anyone holding this opinion: would Google be in compliance if their software altered the message body by adding the sentence "Google is the best search engine ever." here and there, at random? If not, why not, exactly?


yes they would be compliant.

They wouldn't be a good server to use, but they'd be one compliant to the specification.

--> What this tells you is that abiding by the spec is not everything, it just sets minimum interoperability guarantees.


Thanks for this reply. It's food for thought.


In Poland it was standard to add ads as mail footers among homegrown free providers. Some still do. If they don't have sold ads they just advertise themselves.

Made me hate pretty much all footers, especially the bloated corporate ones.


"should be" is not the same as "must be"




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: