Re: jump-through-my-hoops autoresponders (was Certified Mail Delivery agent)
At 01:10 2001-12-13 +0000, John Conover did say:
The way it works is that the mail system on a gateway maintains a
whitelist, (where the whitelist is only available to the system
Urhm, does that mean individual users do or don't have a say in whether or
not mail to THEIR account is going to generate these demands?
If an e-mail enters the system from the Internet with an address that is
not in the whitelist, the e-mail is archived, and the sender sent a
message asking for verification that the message was really sent, and not
spam, by hitting the 'R' button, and then "Send".
The point of my asking whether it use the sender or From: is key to this
process: this is all too likely to seriously foul mailing lists.
On mailing lists, you're typically going to send a message to the _list_ if
you send it to _sender_. If you send it to the individual message author,
you're rather likely to raise the ire of someone who will gladly make the
effort to forge an unsubscribe on behalf of the user using the autoresponder.
Do the math: high traffic mailing list, with a few hundred posters (though
perhaps a thousand total subscribers - which isn't HUGE by any means). Say
10 of these people use systems which employ the proposed funmaker. Some
day, you post *ONE* followup to that list, and in reply, you get *TEN*
demands to prove you have any right to send mail into the inboxes of people
you don't even know. This happens for *EVERYONE* who posts their first
message. Or perhaps it happens for each of their posts for as long as they
don't cave in to the demands.
Is the message sent *AS* (From:) the original intended recipient, and how
do you do that if there are multiple local recipients? If it comes from
some third party bot (most likely), the body will need to identify who is
was intended for (which may be a list of people), or the sender is going to
think the autoreply itself is some form of spam - further, if it is sent as
a third party bot (which might be at a domain entirely different from the
original intended recipient), many closed mailing lists are going to
_BOUNCE_ the bots requests, or file them in the ether (or the listadmin's
owner-listname mailbox, which is often synonymous with "the ether"),
meaning that user of your system won't get the list messages.
Do none of these problems appear significant?
As one of the administrators on a site which hosts more than a dozen
automobile model-specific discussion lists (besides administering my own
personal lists, though those are much smaller and are focused at
technically capable individuals), with thousands of subscribers, I can tell
you that autoreplies are the bane of mailing list admins everywhere.
That verifies that the e-mail address actually belongs to a person, so
it is put in the whitelist.
If *all* they have to do is hit reply, then what about vacation autoreplies
and funky bounces (the type which are sent From: the account which the
bounce is telling you doesn't exist, while kindly providing you a complete
copy of the original text)? Won't these trip your system into going "oh,
kewl, a real human!", when in fact, no human _actually_ responded.
In sending the message, you also confirm the recipient's address for the
spammer, if the autoreply is being send in response to a spam. This
certainly doesn't do the user any good.
After that, e-mail from the sender to anyone served by the gateway
The sender is never asked another question.
What if they never respond to the original request and therefore were not
added to the whitelist? Does the whitelist NEVER make another attempt, or
does the failure to reply once forever ban them as a spammer? What if
they sent several messages in succession before ever checking their inbox
and finding a message asking for them to prove they're really there?
All it has done is verify that the e-mail address really belongs to a
What if it doesn't, but rather belongs to a couple of thousand people, in
the form of a mailing list?
I really don't understand what all the emotion is about ...
The headache which autoreplies cause for mailing lists.
After you've had an opportunity to deal with a few broken autoreply bots
sending messages to a mailing list (or to each of it's subscribers when
they post), you'll probably come to realize why there is such a hatred for
autoreply bots. When you've administered a list where someone's reply bot
is _looping_ list messages, yet the subscriber's address who is doing this
isn't identified (so the listadmin has to do a bunch of footwork to figure
out who's mail is causing it so they can unsub it), you'll have an improved
view of autoreply bots.
Acceptlists should be maintained by their respective users, not foisted off
on the senders of the messages. Use of a few RBLs, plus a decent set of
spam filters will serve you better, resulting in *considerably* less
needlessly discarded mail, and ZERO annoyance to others.
The various problems with autoresponders have been discussed many times in
the past on this list over the years - these are far from being new concerns.
Let me be clear - I'm being critical of the approach, not of your effort to
attempt to solve a problem. I just believe this particular approach is
fraught with issues.
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
procmail mailing list
|<Prev in Thread]
||[Next in Thread>
Message not available|
Re: Certified Mail Delivery agent, Professional Software Engineering
- Re: Certified Mail Delivery agent, Mark
- Re: Certified Mail Delivery agent, David W. Tamkin
- Re: Certified Mail Delivery agent, Mark
- acceptlists, blacklists, spam, and twits, oh my! (was: Re: Certified Mail Delivery agent), Professional Software Engineering
- Re: acceptlists, blacklists, spam, and twits, oh my! (was: Re: Certified Mail Delivery agent), Rick Leir EPS
- Re: acceptlists, blacklists, spam, and twits, oh my! (was: Re: Certified Mail Delivery agent), Professional Software Engineering