NordVPN Promotion

Home / Blogs

The Root of All Email

This week, the Internet Engineering Task Force (IETF) published a number of what they call “RFCs,” which originally meant “Requests for Comment”—the standards documents which specify the technical underpinnings of the Internet. Two of these, numbered 5321 and 5322, replace earlier documents defining the very core of internet email. On the surface, each of these seem surprisingly simple; one aims “...to transfer mail reliably and efficiently,” while the other defines itself as “...a definition of what message content format is to be passed between systems.” Yet without general industry-wide acceptance of (and compliance with) these standards, internet email simply would not exist.

This week also marks ten years since the death of Jon Postel, who arguably had more influence over the creation of the Internet than any other single person. One of Jon’s most enduring recommendations is to “be conservative in what you send and liberal in what you receive,” which Vint Cerf (who had only slightly less influence over the early internet), described here on CircleID as “...a reminder that in a multi-stakeholder world, accommodation and understanding can go a long way towards reaching consensus or, failing that, at least toleration of choices that might not be at the top of everyone’s list.”

This philosophy is the root of all email, from the earliest standards discussions to the latest theories of authentication, reputation, and deliverability.

The earliest discussions about email standards culminated in August of 1982, when a predecessor to the IETF published RFCs 821, written by Jon Postel, and 822, in which Dave Crocker updated earlier drafts dating all the way back to 1973. With these documents, email between disparate systems became possible, and increasingly common—so that now, with the click of a button, we can take it for granted that a message sent from an Apple iPhone in Denver can pass unchanged through multiple relays and be read by someone running Microsoft Outlook in Berlin.

Actively used standards evolve over time, from those early versions through the familiar 2821 and 2822 in 2001, and now these latest updates. Along the way, some concepts that made sense at the time have faded into obsolescence: for example, RFC 821 included a feature that would display a message on the recipient’s screen if they were logged in (very much like today’s instant messaging), or email it to them if they weren’t. (Imagine if the spammers got hold of that!) Newer ideas, such as MIME (which allows the HTML email so many of today’s users are fond of) or sender authentication, have been added in separate documents intended to augment the existing infrastructure—without creating unnecessary incompatibilities.

During these past ten years, many people have concluded that what Jon Postel and Dave Crocker and other smart people defined in 1982 was inherently insecure, inadequate for today’s business needs. They say (quite correctly) that it was obviously designed for a non-commercial internet which hasn’t existed in decades, with a level of trust that we cannot rely upon today. Yet it is impressive that so many of those early ideas still apply, and still work exactly as intended. In his more recent role as Senior Technical Advisor to the Messaging Anti-Abuse Working Group (MAAWG), our friend Dave Crocker often reminds us that the purpose of a standard is to define the set of operations required for interoperability—and in this light, RFCs 822 and 821 have succeeded wonderfully.

If someone wants to build something else on top of those core requirements later, they can. Clearly many have. But if they ignore Jon Postel’s urging to “be conservative in what you send and liberal in what you receive,” they may find that they have made themselves incompatible with the rest of the Internet.

That’s the inherent power of a standard, whether dry and technical and suitable for coding (like an RFC) or based on a review of business practices like the requirements for a whitelist like Return Path’s Sender Score Certified. Those who comply with the standard can interoperate effectively with everyone else who complies with the standard. Those who don’t, can’t. It’s worth noting that Jon recognized this possibility early on, and wrote about it in RFC 706 in 1975—predicting the rise of local blacklists and rate limiting, neither of which were regularly needed in email systems until twenty years later.

The American business instinct is often to send (or sell) extremely liberally, only considering the consequences when sales decline. This practice defies standards for interoperability, and is thus incompatible with the rest of the Internet—but it’s the state that many email marketers and other inadvertent spammers find themselves in before they start asking for help. Following the RFCs, many technologists (including myself) would tell them that a well-designed sending-side email server must be conservative, sending only correctly-formed messages which comply with all standards, and a well-designed receive-side email server should be liberal, allowing for minor variances in how the standards are interpreted. This is how our predecessors’ technology interoperated in 1982, and it’s how everybody’s technology interoperates today. Instead, starting at a higher level, the saner elements of the anti-spam community will tell them that a well-designed email marketing campaign must be conservative, sending only messages that are relevant and desired in the eyes of the recipient—and when it is, this conservatism is rewarded by a liberal receiving policy, allowing those messages through to the inbox.

As you can see, Postel’s deceptively simple philosophy permeates the network. Perhaps there is something to be learned for other aspects of our global society as well.

A slightly different version of this article was originally published by Return Path, and is reproduced here with permission.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By J.D. Falk, Internet Standards and Governance

Filed Under

Comments

RFC 706 isn't about email The Famous Brett Watson  –  Oct 7, 2008 12:13 AM

RFC 706 foreshadows the denial of service attack, not spam. Despite the title’s use of the term “junk mail”, the unwanted messages in question are simple network packets, not email messages. It foreshadows the firewall more than it does the email blacklist. Mind you, these problems are variations on a common theme—a theme which I explore in my PhD thesis.

Yep, but the way he described it, J.D. Falk  –  Oct 7, 2008 12:19 AM

Yep, but the way he described it, he might as well have been talking about email. Your thesis sounds interesting; is it online?

Thesis The Famous Brett Watson  –  Oct 7, 2008 4:09 AM

My thesis will be available online after it has been examined (and any necessary changes made), which probably means it will be available early next year. I'll probably post an extract or two here as articles in the meantime.

Hooray For The Pioneers Larry Seltzer  –  Oct 7, 2008 11:04 AM

Internet e-mail standards are too successful. They’ve become almost impossible to change.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

NordVPN Promotion