How would the system which is being proposed handle the following:
https://mailarchive.ietf.org/arch/msg/ietf/s_Y8Vux32Ei_0HCBiiVzb-4hhFg ?
Hi Moonesamy,
I think you are referring to accidentally sending challenge mails to
noreply addresses. Please correct me if I'm wrong.
Usually noreply addresses are not falling under human-to-human category. So
we highly recommend our users to offload website related and mailing list
related mails to domboxes before enabling restricted mode. That's because a
dombox address gives exclusive privilege to a domain and its alias domains.
But your concern is a valid concern. I think we should take precautionary
measures for challenge mails. For example, if the MAIL FROM local-part
contains text like "noreply" or "no-reply" and the RCPT TO address requires
CAPTCHA, then we should reject the mails with an error message like "550
Recipient requires CAPTCHA. Not possible in noreply addresses.". We can
also use headers like "List-Unsubscribe" to detect non-human mails.
For the record, I'm not really a fan of challenge mails. But we cannot just
ignore it due to its annoying nature. For example, you have a blog post and
you see thousands of comments posted by bots everyday. You get genuine
comments monthly once. So it's reasonable to enable CAPTCHA here.
Plenty of people in the world use email address only for signing up in
third party websites like Facebook, Youtube etc. They hardly use that for
human-to-human communication. So CAPTCHA makes sense for such folks.
The key takeaway from my work is not the challenge part, it's the "verified
strangers" part. As of now, botnets plays a huge role in email spam. Last
time I checked there are botnets out there that is capable of sending 92
billion spam mails per day. Mirai botnet source code
<https://github.com/jgamblin/Mirai-Source-Code> is available on the github.
So you don't need much technical skills to create a botnet. My system tries
to bring those spammers inside a circle by dividing the system into human
mails and non-human mails. My system tries to punish the domain rather than
IP addresses. So I believe it's effective in dealing with botnet spam.
On Sat, Sep 28, 2019 at 2:41 AM S Moonesamy <sm+ietf(_at_)elandsys(_dot_)com>
wrote:
Hi Viruthagiri,
At 07:06 PM 24-09-2019, Viruthagiri Thirumavalavan wrote:
I would like to present my work here. It's a new but backward
compatible mail system. It addresses some of the issues we face in
the current email system. E.g. Email Spam, Phishing, Privacy, Data
Breach, Bandwidth Wastage etc.
It looks like you put in a lot of work into the paper. One of the
proposals in the paper is to have "challenge mails" and there is a
sentence on Page 228 about it causing inconvenience. The challenge
form (Page 229) is even more inconvenient as I would have to decipher
some of the characters. That approach has become an accessibility
challenge nowadays.
How would the system which is being proposed handle the following:
https://mailarchive.ietf.org/arch/msg/ietf/s_Y8Vux32Ei_0HCBiiVzb-4hhFg ?
Regards,
S. Moonesamy
--
Best Regards,
Viruthagiri Thirumavalavan
Dombox, Inc.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp