ietf-smtp

Re: [ietf-smtp] Dombox - A Zero Spam Mail System

2019-09-28 01:09:49
These seem like valid points. I'll take a look at it.

If the challenge mails are going to cause issues, then most likely I will remove
that feature from my system.

Thanks for the input.

On Sat, Sep 28, 2019 at 11:11 AM Valdis Klētnieks <valdis(_dot_)kletnieks(_at_)vt(_dot_)(_dot_)edu> wrote:

> On Sat, 28 Sep 2019 09:48:05 +0530, Viruthagiri Thirumavalavan said:
>
> > I think you are referring to accidentally sending challenge mails to
> > noreply addresses. Please correct me if I'm wrong.
> >
> > Usually noreply addresses are not falling under human-to-human category.
>
> Yes, but how do you identify them?
>
> > But your concern is a valid concern. I think we should take precautionary
> > measures for challenge mails. For example, if the MAIL FROM local-part
> > contains text like "noreply" or "no-reply" and the RCPT TO address requires
> > CAPTCHA, then we should reject the mails with an error message like "550
> > Recipient requires CAPTCHA. Not possible in noreply addresses.". We can
> > also use headers like "List-Unsubscribe" to detect non-human mails.
>
> Using RFC2369 headers to identify non-human mails isn't exactly correct.
> Hint: The message you're reading right now has a List-Unsubscribe: header
> in it, and it's arguable whether stuff I write is non-human or not. ;)
>
> And assuming that the MAIL FROM contains 'noreply' is a bad choice as well,
> as many automated systems will intentionally use 'MAIL FROM:<>' to
> guarantee that no bounces come back.
>
> A lot of spam *also* uses <> to ensure there are no bounces coming back.
> And yes, some people have tried refusing all mail that comes in with
> a <> - and discovered that doing so breaks a lot of things.
>
> There's also the Law of Unintended Consequences....
>
> You might want to read up on what happens when Yahoo people post to a
> mailing list and the list breaks the very strict DMARC that Yahoo tags on
> it - the end result is that systems that get the mail and do a DMARC verify
> will reject the mail, send a 550 error back - and the mailing list software
> will silently unsubscribe the user from the list.  This is why Mailman has
> the 'Munge-From' option for mailing lists.
>
> The end result is that you can end up damaging your own users while trying
> to prevent spam.



-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
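
An added example, not part of the original messages and not Dombox code: a sketch of how a receiver could decide whether to send a challenge, using the signals named in the thread (noreply local-part, `MAIL FROM:<>`, List-* headers) plus the Auto-Submitted and Precedence checks from RFC 3834. The function name, the local-part list and the sample addresses are assumptions; it only suppresses the challenge and never rejects, since each of these signals also appears on legitimate mail.

```python
from email import message_from_string

# Assumed local-part hints: the "noreply" spellings proposed in the thread,
# plus MAILER-DAEMON as suggested by RFC 3834 section 2.
AUTOMATED_LOCALPARTS = ("noreply", "no-reply", "mailer-daemon")


def challenge_decision(mail_from, raw_headers):
    """Return (send_challenge, reason) for one inbound message.

    mail_from is the SMTP envelope reverse-path without angle brackets
    ("" for MAIL FROM:<>); raw_headers is the message header block.
    """
    msg = message_from_string(raw_headers)
    if mail_from == "":
        # A challenge to the null reverse-path has no destination.
        return False, "null reverse-path"
    local = mail_from.rsplit("@", 1)[0].lower()
    if local.startswith("owner-") or local.endswith("-request"):
        return False, "list or role envelope sender"
    if any(tag in local for tag in AUTOMATED_LOCALPARTS):
        return False, "automated-looking local-part"
    # Auto-Submitted may carry parameters after ';'; only the keyword matters.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "Auto-Submitted: " + auto
    prec = (msg.get("Precedence") or "").strip().lower()
    if prec in ("bulk", "junk", "list"):
        return False, "Precedence: " + prec
    # List-* says "relayed by a list", not "written by a machine": a human
    # list post lands here, so the message is still delivered, just unchallenged.
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "List-* header present"
    return True, "no automation signal found"


# Constructed sample inputs (envelope sender, header block).
SAMPLES = {
    "direct": ("alice@example.org", "From: Alice <alice@example.org>\nSubject: lunch\n"),
    "list_post": ("discuss-bounces@lists.example.org",
                  "From: Bob <bob@example.net>\n"
                  "List-Unsubscribe: <mailto:discuss-leave@lists.example.org>\n"),
    "null_sender": ("", "From: MAILER-DAEMON@mx.example.org\n"),
    "noreply": ("noreply@shop.example", "From: Shop <noreply@shop.example>\n"),
    "vacation": ("carol@example.org", "From: carol@example.org\nAuto-Submitted: auto-replied\n"),
}
```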