ietf-smtp

Re: [ietf-smtp] Dombox - A Zero Spam Mail System

2019-09-28 00:42:04
On Sat, 28 Sep 2019 09:48:05 +0530, Viruthagiri Thirumavalavan said:

> I think you are referring to accidentally sending challenge mails to
> noreply addresses. Please correct me if I'm wrong.
>
> Usually noreply addresses do not fall under the human-to-human category.

Yes, but how do you identify them?

> But your concern is a valid concern. I think we should take precautionary
> measures for challenge mails. For example, if the MAIL FROM local-part
> contains text like "noreply" or "no-reply" and the RCPT TO address requires
> CAPTCHA, then we should reject the mails with an error message like "550
> Recipient requires CAPTCHA. Not possible in noreply addresses.". We can
> also use headers like "List-Unsubscribe" to detect non-human mails.

Using RFC2369 headers to identify non-human mails isn't exactly correct. Hint:
The message you're reading right now has a List-Unsubscribe: header in it, and
it's arguable whether stuff I write is non-human or not. ;)

And assuming that the MAIL FROM contains 'noreply' is a bad choice as well, as
many automated systems will intentionally use 'MAIL FROM:<>' to guarantee that
no bounces come back.

A lot of spam *also* uses <> to ensure there are no bounces coming back. And yes,
some people have tried refusing all mail that comes in with a <> - and discover
that doing so breaks a lot of things.

There's also the Law of Unintended Consequences....

You might want to read up on what happens when Yahoo people post to a mailing
list and the list breaks the very strict DMARC that Yahoo tags on it - the end
result is that systems that get the mail and do a DMARC verify will reject the
mail, send a 550 error back - and the mailing list software will silently
unsubscribe the user from the list.  This is why Mailman has the 'Munge-From'
option for mailing lists.

The end result is that you can end up damaging your own users while trying to
prevent spam.

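
The two detection rules proposed in the quoted text (a "noreply" MAIL FROM local-part, and RFC 2369 list headers), run over four sample messages to show where each misfires in the ways the reply describes. This is an added example, not code from the thread or from either participant; the sample messages, addresses and function names are constructed for illustration.

```python
from email import message_from_string

# Constructed samples: (label, is_automated, SMTP MAIL FROM, message text).
# An empty MAIL FROM string stands for the null reverse-path "MAIL FROM:<>".
SAMPLES = [
    ("human post relayed by a mailing list", False,
     "ietf-smtp-bounces@lists.example",
     "From: alice@example.org\nList-Unsubscribe: <mailto:leave@lists.example>\n"
     "Subject: Re: challenge mails\n\nHand-written reply.\n"),
    ("automated alert with null reverse-path", True, "",
     "From: monitor@example.net\nSubject: disk 91% full\n\nSent by cron.\n"),
    ("automated receipt from a noreply sender", True, "noreply@shop.example",
     "From: noreply@shop.example\nSubject: Your receipt\n\nOrder 1001.\n"),
    ("person writing directly", False, "bob@example.com",
     "From: bob@example.com\nSubject: lunch?\n\nNoon?\n"),
]

RFC2369_FIELDS = ("List-Help", "List-Unsubscribe", "List-Subscribe",
                  "List-Post", "List-Owner", "List-Archive")

def noreply_localpart(mail_from, msg):
    """Proposed rule 1: the MAIL FROM local-part looks like a noreply address."""
    local = mail_from.rsplit("@", 1)[0].lower()
    return "noreply" in local or "no-reply" in local

def rfc2369_list_header(mail_from, msg):
    """Proposed rule 2: any RFC 2369 list header marks the mail as non-human."""
    return any(field in msg for field in RFC2369_FIELDS)

HEURISTICS = {"noreply_localpart": noreply_localpart,
              "rfc2369_list_header": rfc2369_list_header}

def evaluate(samples=SAMPLES):
    """Per rule: humans flagged as machines, and machines the rule missed."""
    report = {}
    for name, rule in HEURISTICS.items():
        false_pos, false_neg = [], []
        for label, automated, mail_from, raw in samples:
            flagged = rule(mail_from, message_from_string(raw))
            if flagged and not automated:
                false_pos.append(label)
            elif automated and not flagged:
                false_neg.append(label)
        report[name] = {"false_positives": false_pos, "false_negatives": false_neg}
    return report

if __name__ == "__main__":
    for rule_name, result in evaluate().items():
        print(rule_name, result)
```

The list-header rule flags the hand-written list post as non-human, and the noreply rule misses the automated sender that uses the null reverse-path.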