Message-ID: <Ikt4twS00WBw4ICGcS@andrew.cmu.edu>
Date: Fri, 29 Dec 1995 15:24:28 -0500 (EST)
From: John Gardiner Myers <jgm+@CMU.EDU>
To: drums@cs.utk.edu
Subject: loop detection

During the WG meeting, I mentioned that the recommendation in section
5.2 that SMTP servers examine Received fields for the domain name of
the server is not sufficient for detecting loops.  A message may quite
legitimately pass through the same server multiple times, as long as
it is being delivered to different recipients each time.

To do loop detection by examination, an MTA would not only need to
scan the trace information for the signature of the MTA, it would also
have to look for a cryptographic hash of the evelope recipient set.  A
matching hash would in fact indicate the message is passing through
the same MTA with the same set of recipients and thus is in a loop.

The hash would have to be cryptographic (and possibly keyed with an
MTA-known secret) to avoid exposing to the message recipients any
useful information about any of the other message recipients.

This then begs the question: where in the message would one insert the
hash?  (I am assuming one would want to put the information in the
message, instead of keeping an on-server database.)  The 822 Received:
header is unfortunately not extensible.  One could, perhaps, use the
"id" field, but most MTA's use that for the queue-id.

There is also the fact that there is widespread deployment of MTA
implementations which count Received: headers.  Any MTA which uses a
more advanced loop detection mechanism is still going to run up
against these other MTA implementations which bounce messages which
have gone through "too many" delivery steps.

One possible approach would be to replace the function of Received:
with a different header, defined to be extensible.  This would,
however, probaly be more trouble than it's worth.

-- 
_.John G. Myers		Internet: jgm+@CMU.EDU
			LoseNet:  ...!seismo!ihnp4!wiscvm.wisc.edu!give!up