procmail

Re: Certified Mail Delivery agent

2001-12-12 01:10:10

On Tue, Dec 11, 2001 at 07:38:39PM -0800, Professional Software Engineering 
wrote:

    http://www.johncon.com/john/Cmd/

which is a Certified Mail Delivery agent intended to reduce UCE/spam.

ObQ: _who_ certified it, and why would we trust their certification?  Or do 

Sean, I'm relieved to see that you jump on *everyone*, and not just me.
;-)

you mean "Certified Mail" similar to the US Postal service Certified Mail 
(which isn't even remotely similar to the process you're describing here 
anyway).

The impression I got was that the program itself "certifies" the mail by
making a delivery confirmation request to the sender.  We were all
discussing this strategy last month, and the fact that John actually
*wrote* some software does not seem to be grounds to kick him in the
teeth.  Lighten up a little!

Replies according to some special text, or just replies?  What if the reply 
comes in the form of a bounce (and we know how many variations there are on 
those), complete with a copy of the sent message (and therefore, containing 
the phrase that pays)?

Good point.  What would you suggest?  Would asking people emailing you to
put the word "accept" on a line by itself near the top of the message
confuse too many people?  What about ignoring any apparent confirmation
that contains the word "automated" in un-quoted text?  Or perhaps
ignoring apparent confirmations that contain *any* unquoted text at all
(i.e. 2 or more lines before a '^-- $' that match '^[a-zA-Z0-9]')?

Smartlist script forwards the original message on to the recipient,
and enters the e-mail address in the "whitelist" database.

Q: how well does this work for _mailing lists_ -- does it send the request 
to the _sender_ (the mailing list, oh, thrill me), or to the _author_ (who 
never addressed your recipient in the first place, and really shouldn't 
have to "authenticate" themselves to you to avoid receiving those obnoxious 
"reply or else" notifications)?

I don't know what John's software does.  But what would you consider
safe behaviour for this?  Would it be sufficient to skip responses to
messages with '^(List-|(Mailing|X)-List|Precedence: (bulk|junk))' in
the header, perhaps along with scanning the body for likely footer text
like '((remove|subscribe)-[a-z0-9-]+|[a-z0-9-]+-(remove|unsubscribe))@'?

Obviously, any advice that you can provide to make this tool more
effective will be appreciated.  If you *really* want to know how
John's software works, just read the source.

Although technically feasible, my tests show that it is annoying in
practice, and few senders reply to the certification request.

Which means the user of the script will be faced with a lot of trashbinned 
mail they must manually dredge through to check out because the senders, 
while at the same time annoying others through its existence.

Yup, that's one of the down sides to implementing filters.  But it's not
all bad.  I'm almost finished writing something similar to John's CMD
which includes something that'll let users forward saved messages to
a magic address which will automatically add sender email addresses
to the user's whitelist.  It puts the onus of priming the whitelist
onto the whitelist user.

FWIW, I find that trashing offenders at the SMTP level when I am subjected 
to autoreplies gone amok is especially effective (my peeve is idiotic "I'm 
out of the office for the next 24 months" messages on mailing lists).  The 
sendmail access db feature makes this trivially easy to do.

While this may work for you, it will not work for many of the rest of
us.  I'd *love* to install every filter under the sun on mail.it.ca,
but I have users who are seriously adversely affected by such things.
Any solutions I implement *must* be on a per-user basis, and *must*
allow filtered email to be "reviewed" prior to manual deletion.  So my
own whitelist manager has the option of trashing mail, but by default
it'll save unconfirmed messages in a readable mail folder, and move them
to a separate "expired" folder if the confirmation doesn't arrive in a
configurable time.

When I get the code for this finished, should I post it to the list,
or just keep quiet about it in order to avoid invoking the choler of
Sean B Straw?


-- 
  Paul Chvostek                                      <paul(_at_)it(_dot_)ca>
  Operations / Development / Abuse / Whatever       vox: +1 416 598-0000
  IT Canada                                            http://www.it.ca/

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
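
The heuristics floated in the message above, as an added example that is not part of the original post and is neither John's CMD nor Paul's whitelist manager: it skips challenges for list traffic using the two quoted patterns, and accepts a confirmation only when "accept" stands alone near the top and no unquoted text says "automated". It is written in Python rather than as procmail recipes so the patterns can be run over constructed messages; the function names, the five-line "near the top" window and the sample messages are assumptions.

```python
import re
from email import message_from_string

# Patterns quoted from the message above; procmail matches case-insensitively.
LIST_HEADER = re.compile(r'^(List-|(Mailing|X)-List|Precedence: (bulk|junk))', re.I | re.M)
LIST_FOOTER = re.compile(r'((remove|subscribe)-[a-z0-9-]+|[a-z0-9-]+-(remove|unsubscribe))@', re.I)
UNQUOTED = re.compile(r'^[a-zA-Z0-9]')

def should_challenge(raw):
    """Return True if a confirmation request may be sent for this message."""
    msg = message_from_string(raw)
    headers = "\n".join(f"{name}: {value}" for name, value in msg.items())
    if LIST_HEADER.search(headers):
        return False                      # list traffic: never challenge
    body = msg.get_payload()              # assumption: single-part text mail
    return LIST_FOOTER.search(body) is None

def unquoted_lines(body):
    """Lines starting with a letter or digit, up to the '-- ' signature line."""
    lines = []
    for line in body.splitlines():
        if line == "-- ":
            break
        if UNQUOTED.match(line):
            lines.append(line)
    return lines

def is_confirmation(body, top=5):
    """'accept' alone on one of the first `top` lines (assumed window),
    and no 'automated' anywhere in the unquoted text."""
    if any("automated" in line.lower() for line in unquoted_lines(body)):
        return False
    return any(line.strip().lower() == "accept" for line in body.splitlines()[:top])

# Constructed sample messages (not real traffic).
DIRECT = "From: alice@example.org\nSubject: lunch\n\nAre you free Friday?\n"
LIST_MAIL = "From: bob@example.org\nList-Id: <widgets.example.org>\n\nHello list\n"
FOOTER_MAIL = ("From: bob@example.org\nSubject: news\n\nHello\n"
               "To leave, mail widgets-unsubscribe@example.org\n")
REPLY = "accept\n\n> Put the word accept on a line by itself.\n-- \nAlice\n"
BOUNCE = ("This is an automated delivery failure notice.\n"
          "Your message follows:\naccept\n")

if __name__ == "__main__":
    for name in ("DIRECT", "LIST_MAIL", "FOOTER_MAIL"):
        print(name, "challenge:", should_challenge(globals()[name]))
    for name in ("REPLY", "BOUNCE"):
        print(name, "confirmation:", is_confirmation(globals()[name]))
```

The constructed bounce carries "accept" on its own line, which is the case raised in the thread; it is rejected only because its unquoted text contains "automated", so a bounce without that word would still pass this check.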