nmh-workers
[Top] [All Lists]

Re: [Nmh-workers] Stanford disliking my emails -- update + question

2015-04-23 20:04:42
On Wed, 22 Apr 2015 23:22:27 -0400 Ken Hornstein <kenh(_at_)pobox(_dot_)com> 
sez:

I think you read that a little differently than I intended - I
didn't mean to imply that this would be free (just included in
whatever else you get) though it sometimes is (I suspect
that's rare) - they're businesses, and will seek a profit from
whatever avenue they can, which is reasonable - most often
there will be some additional charge, but often (from the
commercial pay for use providers, as distinct from google etc.
who raise revenue other ways) this is a service they offer -
why wouldn't they - it costs them almost nothing, and they can
charge for it.

Fair enough ... but again, my two examples (Verizon and
pobox.com) don't include it in their service they provide to me
that I pay for.  But that doesn't really get to my larger point
- every other MUA manages to send email fine, without requiring
your own domain.  It seems backwards to tell nmh users this is
the preferred solution.

Two more examples:  Comcast (a "business" account -- though they
do offer static IPs, for a fee) and Google Mail.

I, for one, am very glad that there exists a fine and supported
solution that doesn't require me to buy a domain name!

 | Thirdly ... I think it's ridiculous that Stanford's
 | anti-spam rules trawl through Received headers (which are
 | defined as being free-form)

Actually, they're not, they have a fairly strict format (with
lots of options, true) - but that's not really the point.  The
real issue is that spammers tend to put in a chain of bogus
Received headers in messages they send in a rather lame
attempt to hide the true origin of the message.

Fair enough, I was wrong about that ... although, really, RFC
5321 says you can't count on them to have any format, but like
you said, not really relevant here.  My key point was that
Bob's message was validated by gmail's DKIM rules; that only
happens if you authenticated to gmail to submit the message.
If that happens, you shouldn't need to check the Received
headers for bogus stuff.

On a related note, initially Stanford IT said it was GMail's
fault, though they were never precise with their reasoning.  My
guess is that they were saying, "Yes, GMail is providing a valid
DKIM entry, but the sending node uses 'localhost.localdomain' --
which means GMail is in effect validating what is, in our
opinion, 'spam.'"

I can see that that is not 100% impossible.  But, given the
presence of the DKIM signature, is it an unreasonable statement?

Detecting that series of bogus Received headers is one way to
determine that a message is probably spam - it is not at all a
useless technique (your "most windows users" MUAs don't tend
to add Received headers at all - and nor should they - nor
does nmh, which it also shouldn't - but if you deliver via a
local sendmail/postfix/exim/... which I personally believe is
the best way to config nmh, then it will (and should) and you
need a domain name for that.

I know we're never going to agree on the best way to configure
mail submission, but you have admitted in the past that your
have an unusual amount of control over your local domain, to a
degree that I think very few people have nowadays.  Also,
you've been around long enough that you probably remember
having to deal with sendmail.cf directly rather than having it
generated by m4 templates.  For you, registering a domain isn't
a big deal because you did that already and of course sendmail
configuration is easy.  But ... for the person who has a more
traditional setup (e.g., has a residential ISP and submits to
gmail), making that a requirement is overkill, and like I said
earlier if they have to ASK how to configure sendmail here then
they shouldn't be using it.  Their world will be easier if they
submit email like everyone else does (and really, if they're at
that level of sophistication then they won't get any of the
advantages of having their own domain).

I also remember editing sendmail.cf files.  I also have an old
copy of the O'Reilly "sendmail" book, from the mid-1990s.  But to
say I did more than copy the sendmail.cf file from elsewhere,
edit the hostnames, and cross my fingers, would be to give me far
more credit than I deserve!  B-)  And it sent me down the wrong
track for years, something that more-or-less worked (though there
were significant limitations) until this issue with Stanford's
anti-spam tool finally forced the realization that (a) I didn't
have a proper host/sendmail setup and (b) there are proper tools
to do the job without needing to use or understand sendmail or
break one's /etc/hosts file!  (And I would be still be lost
without this wonderful mailing list and the people here!)

The average NMH user probably has more *nix and sysadmin
knowledge than the average Ubuntu user, but if I'm at all
representative of that average NMH user then we have enough just
to be dangerous to ourselves.  B-)

                                Bob

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread] Current Thread [Next in Thread>