"Tom Neff" <[EMAIL PROTECTED]> wrote:

>Yes, this appears to be a BestServ software problem.

Let's rehash. BestServ is using an authentication mechanism that is
RFC legal and has worked for years. Recently, AOL has started munging
messages in a way that breaks BestServ's authentication. Therefore,
the problem "appears to be a BestServ software problem"?

Hello?

I can't *believe* anyone would honestly argue that BestServ is in the
wrong here, but at the very least, it's a "BestServ and AOL
incompatibility problem".

>Specifically, when you
>join a list using the web based interface (and/or email, maybe) you get a
>message of the form
>
>       To: [EMAIL PROTECTED]
>       Subject: List Auth Request ID=<x396c6c83.717.tMNmXtp3> REJECT
>
>and when you Reply, BestServ wants to see _exactly_ that string in the
>Subject, or no dice.  That's a silly thing to do

No, that's a perfectly reasonable thing to do. They have every right
to expect their messages to be delivered intact.

How would you feel if Microsoft "fixed" the Outlook virus problem by
munging MIME headers and turning binary attachments into unreadable
text? Would that be a Microsoft problem, or would every other
MIME-compatible system on the planet suddenly have broken?

>- they should have used a
>regexp scannable ID string and look for it in subject or body ignoring
>delimiters.

Kindly propose a "regexp scannable ID string" that's guaranteed not to
be mungable by AOL now or any time in the future, given that AOL feels
free to munge anything necessary to "protect their users".

>I am sure that BestServ could be fixed (at least to ignore a leading . in
>the ID) with a one line change, ...

Sure, but that's missing the point: AOL broke it, AOL should fix it.

>I disagree, because MLM authors have a duty to avoid relying on dangerous
>syntaxes like BestServ's pointy-delimited ID string.  It's much harder for
>AOL to try and be "super-smart" to protect its members from malicious HTML
>while not ruffling a hair on BestServ's head, than it is for BestServ to get
>a clue and generate a more vanilla confirm ID (and be more generous about
>parsing for it afterwards).

AOL's problem is its own dangerous HTML e-mail extensions that require
Subject munging in order to protect their users. *That's* what should
be fixed. Or at least they should only munge potentially dangerous
HTML-like constructs.

Sheesh.

-Dave
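
The two matching strategies argued over in this message, side by side, as an added example (not BestServ's code and not part of the original post). The function names, the token shape inferred from the one ID shown, and the munged sample replies are assumptions constructed for illustration.

```python
import hmac
import re

# Token shape assumed from the one ID shown in the message:
# alphanumeric runs joined by single dots.
TOKEN_RE = re.compile(r"[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)+")

ISSUED_ID = "x396c6c83.717.tMNmXtp3"  # ID from the quoted Subject line


def strict_match(subject: str, issued_id: str) -> bool:
    """Hypothetical exact check: the delimited string must survive intact."""
    return f"ID=<{issued_id}>" in subject


def tolerant_match(subject: str, body: str, issued_id: str) -> bool:
    """Accept the ID anywhere in subject or body, ignoring delimiters."""
    ok = False
    for field in (subject, body):
        for candidate in TOKEN_RE.findall(field):
            # Whole-token, constant-time comparison: loosening the
            # delimiters does not loosen the secret itself.
            if hmac.compare_digest(candidate.encode(), issued_id.encode()):
                ok = True
    return ok


# Constructed reply samples (not captured mail). The leading-dot form is
# assumed from the quoted remark about ignoring a leading "." in the ID.
INTACT = "Re: List Auth Request ID=<x396c6c83.717.tMNmXtp3> REJECT"
LEADING_DOT = "Re: List Auth Request ID=<.x396c6c83.717.tMNmXtp3> REJECT"
ESCAPED_BODY = "> Subject: List Auth Request ID=&lt;x396c6c83.717.tMNmXtp3&gt; REJECT"
WRONG_ID = "Re: List Auth Request ID=<x396c6c83.717.AAAAAAAA> REJECT"

if __name__ == "__main__":
    for name, subj, body in [
        ("intact", INTACT, ""),
        ("leading dot", LEADING_DOT, ""),
        ("escaped in body", "Re: your request", ESCAPED_BODY),
        ("wrong id", WRONG_ID, ""),
    ]:
        print(f"{name:16} strict={strict_match(subj, ISSUED_ID)} "
              f"tolerant={tolerant_match(subj, body, ISSUED_ID)}")
```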
