ietf-smtp

Re: [ietf-smtp] Dombox - A Zero Spam Mail System

2019-09-25 13:28:02
On Wed, 25 Sep 2019 15:06:33 +0530, Viruthagiri Thirumavalavan said:

> By default, john(_at_)example(_dot_)com is a generic mail address. It can
> accept mails from both human and websites.  A user has to enable a setting
> called "Restricted Mode" to instruct the system that it's a human-to-human mail

I'm really interested in seeing how you explain to a user how to turn on
"restricted mode" so they can get emails from their Aunt Sally regarding next
week's family reunion picnic - and have them actually understand it.

You also get to explain to the user how to tactfully apologize to Aunt Sally
for not being at last week's reunion because they weren't expecting the mail to
be from Sally, but from her sister Susan, so Sally wasn't whitelisted.

Remember - from the user's point of view, your email software made them miss
an important mail.

Bonus points for explaining to the user that if Sally's husband Uncle Fred does
a "reply all" to that mail, Fred is going to get a C/R response from your user
and your user will probably never actually see Fred's reply.  Oh, and your user
had whitelisted Fred's *old* address, but didn't know Fred had a *new* address?
Yeah, you can apologize to the user for that problem too....

Double bonus points for explaining how you prevent the spammers from automating
the C/R response using procmail or similar.

Triple bonus points for explaining how this scales, paying particular attention
to help desk issues regarding "lost" emails because a user forgot to enable
restricted mode.

> address. We heavily rely on MX record instead of SPF record to detect mail
> genuinity in human-to-human mails.

So... instead of looking at a DNS record that tells you where legitimate email
should be coming from, you're going to look at a record that is almost
guaranteed to not point at a legitimate source for the email.

Yeah, that's going to work *really* well.

I suggest you look at the Received: lines on your copy of this e-mail, and for
each step, figure out what the RFC821 MAIL FROM probably was, the RFC822 From:
(which you don't see until you've accepted the DATA step), and what checking
the MX and SPF entries would have shown for each step along the way.

Take your time - we'll wait.

Please tell us - how much experience do you have with actually running large
scale email systems?  Can you tell us how much email you've processed through
your zero-spam system, and the current rates of false positives and false
negatives?
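
Added example (not part of the original message): the per-hop exercise suggested above, worked through on constructed data. The zone contents, host names, addresses, hop list and the simplified `spf_check` (it handles only `ip4` mechanisms and a trailing `-all`) are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data (documentation address ranges); not real records.
ZONE = {
    "example.com": {
        "MX": ["mx1.example.com"],                  # where mail is *received*
        "TXT": "v=spf1 ip4:198.51.100.0/24 -all",   # where mail is *sent from*
    },
    "lists.example.org": {
        "MX": ["mx.example.org"],
        "TXT": "v=spf1 ip4:203.0.113.25 -all",
    },
}
A = {"mx1.example.com": ["192.0.2.10"], "mx.example.org": ["203.0.113.10"]}


def mx_check(domain, client_ip):
    """True only if the connecting IP is one of the domain's MX hosts."""
    hosts = ZONE.get(domain, {}).get("MX", [])
    return any(client_ip in A.get(h, []) for h in hosts)


def spf_check(domain, client_ip):
    """Simplified SPF: only ip4 mechanisms and a trailing -all."""
    record = ZONE.get(domain, {}).get("TXT", "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return "pass"
    return "fail" if record.endswith("-all") else "neutral"


# Constructed hops: (description, connecting IP, MAIL FROM domain, From: domain)
HOPS = [
    ("author's outbound relay -> list", "198.51.100.7", "example.com", "example.com"),
    ("list server -> subscriber", "203.0.113.25", "lists.example.org", "example.com"),
]


def evaluate(hops):
    """Per hop: MX and SPF results for the envelope domain, then the From: domain."""
    return [(desc, mx_check(mf, ip), spf_check(mf, ip),
             mx_check(hf, ip), spf_check(hf, ip)) for desc, ip, mf, hf in hops]


if __name__ == "__main__":
    for row in evaluate(HOPS):
        print(row)
```

In this constructed setup the MX comparison is false at every hop, because the outbound relays are not the inbound MX hosts, while SPF on the envelope domain passes at both hops.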
