You already answered our earlier question about UTF-8 and email, thanks.
I have a couple of more questions in this area, before we can finish up our
draft on IPP notifications over email.
When using email to return notifications about print jobs, we are aware that
there is an apparent spamming risk, also pointed out in an earlier IPP
meeting by John Klensin. How can we best try to protect against that,
without having to re-invent or re-design email all together, or drop the
idea of doing notifications via email?
Here are some ideas that have been discussed in the group, but around which
we have not yet reached consensus:
1) Mandate the inclusion of an email address for the subscriber, when
notifications over email are requested by a subscriber. This could
potentially be validated by the printer (or print server) before accepting
the subscription. The idea would be to also include the subscriber's email
address in each notification.If we did that, which email address field would
be appropriate? The REPLY-TO:? As an alternative/addition we could
potentially mandate use of security e.g. Digest Authentication for
subscription operations, but it would still be useful to have the subscriber
address in the notification message.
2) The next question is whether we should require some kind of validation of
the email address to which the notifications are to be sent? We are talking
about the email address in the form of a URL malto://... Are there any rules
on how you could screen out DLs for use as email addresses? If you ask to
have printer state notifications to a large DL, you could easily generate
enough traffic to spam a whole domain in no time etc. etc.
3) Another question is which SENDER address you should use in a printer
generated email notifcation? Some people have argued that it should be the
name of the printer itself e.g. firstname.lastname@example.org, but it is highly
unlikely that the printer actually has an incoming mailbox and hence you
would have an emaill address to which no replis can be sent. An alternative
would be to use the email address of a person associated with the printer
e.g. email@example.com. Any recommendation on this?
4) Do you see any reason at all for a printer to generate email notification
messages asking for delivery notification? It could be done as a matter of
implementation, but we believe that it would be an overkill. Should we just
Hope you can give us some guidance on these subjects.
This archive was generated by hypermail 2b29 : Tue May 02 2000 - 12:03:22 EDT