Re: Looping problem
2002-02-26 21:34:12
Take a deep breath. Understand that this is written in a tone discouraging
the use of the SMTM ("Show Me The Money") method, and isn't an attempt to
be inflammatory against those who might choose to employ SMTM. If you
start to think I'm picking on you, take a break, reference this paragraph,
then when your BP has subsided, continue reading.
At 16:50 2002-02-26 -0800, Fred Morris wrote:
People just don't like the idea of justifying themselves, do they?
Not on a mailing list they don't. Excepting perhaps ONE occasion, every
case of a SMTM bounce I've seen was caused by a post to a mailing list -
not a message TO that individual, but a message TO A LIST. To which that
clever individual elected to subscribe themselves. It's in the same class
of clueless user as sending vacation messages in response to mailing list
messages (or any other message not addressed cleartext to you).
Know what happens when a listserv changes hosting services and just "drags"
the original list subscribership over to the new host? Now, take that
person who's got a SMTM filter (and was greenlisting that list by it's
original address) and figure they went skiiing for the weekend.
Don't that suck? Just as with vacation autoresponders gone amok, the user
will find themselves booted from that list if the listadmin can be
contacted, or enough people decide to deal with whatever is necessary to
forge or otherwise push through an unsubscribe for them on that list.
And, they usually find their email address on a dozen or so personal twit
filters, because on the meantime, THOSE users didn't want to see a SMTM
bounce from the person (I'm in with that crowd - I'd just as soon
twitfilter someone than justify my post to a public mailing list to some
brainiac who insists that all the mail coming into his inbox has to be
accompanied by a letter of recommendation or something).
People don't like the idea of justifying themselves. I don't care. If I
want mail, I say so. If I don't you can still reach me.
People on mailing lists have *NO* control over whether you have subscribed
to that list, and they're not sending mail *TO* you - they're sending it TO
THE LIST. If Joe posts a question to a list and I post a reply to his
query on the list, I shouldn't have to justify that query to the three
people who've recently joined the list and expect their incoming mail to be
justified by the sender. Just as my message to the list shouldn't trip
someone's vacation rule, but I've still seen HUNDREDS of those on mailing
lists.
It REALLY sounds like you should just adopt a greenlist policy and dump
everything else. Sub to a mailing list, add that list to your
greenlist. If you suddenly stop seeing messages, perhaps the list address
changed (which if it crept up on you, you must not have been following it
really closely, as most moves are prefixed by an administrative posting on
the affected list).
Few SMTM users I've ever encountered bother to religiously maintain their
filters to ensure that they don't hammer mailing list users. Everybody's
got their "gosh, I'm sorry, it won't happen again", but the problem is that
the basic scheme is so seriously flawed that such a promise cannot be kept
- unless the user is ditching the SMTM.
[snip - rant]
You're WAY off target here.
Perhaps you should investigate using a private email address for trusted
contacts and a heavily spamfiltered address for all other mail. I often
use plussed addresses with clients - for one, it helps for filtering their
email, but also ensures that it doesn't get subjected to the same extremes
of spam filtering I use for generic accounts. Anyone having occasion to
send you attachments will be someone you trust enough to provide your
private address to (which for could be a _plussed_ alias, so you don't have
to maintain a separate mailbox, so long as your mail host supports
plussing). Anyone not entrusted with your private address would be sending
unwelcome attachments to your generic address, which would simply discard
all attachments (or only accept them from greenlisted individuals). No need
to use a SMTM scheme.
People who fall from your graces can be added to twitlists, or otherwise
find their email filtered from your private address. These are people who
crossed some line ("mom, I've told you, it's great that cousin Jimminy has
a new son, but I don't need any more pictures of him"), and are now
restricted from sending you attachments.
As for the evil of BCCs, I'd just as soon recieve a BCC from a friend or
associate than to find my address on a addressbook dump sized recipient
list, exposing my address to the inbox of scores of people I don't know and
don't care to receive a [REPLY ALL] response from, thankyouverymuch.
I have to be a little more careful about mailing lists, obviously. I'm
careful about subscribing to them, and open a hole in the wall before I do.
This schema was reported to be for _other_ users as well. Everybody has to
remember to play nice, or it doesn't work. Also, as described (and from
the recipe as posted), it isn't for BCCs either - it's for ALL mail. Both
counts make it a totally different ballgame.
You know what bugs me about mailing lists? Nonstandard headers. Oh, maybe
there are some standards, maybe not; but "in the field" you won't see much
consistency. People who run mailing lists (including this one) don't even
provide a sample of the headers on the web page where you subscribe.
By and large, most people don't do greenlist filtering. Mailing lists get
to deal with AOL'ers who can't comprehend sub and un*sub instructions or
even enter their own email address properly. Posting samples of message
headers to expect from the list messages is way over the top for the
techically challenged masses. Heck, most list admins are clueless when it
comes to the handling of email.
Who gets the bounces? 98% of them are bounced again by daemons (because the
addresses are invalid). That means that, along with the highlighting of
probable spam that I do I see spam,bounce,spam,bounce.
Yea, that's gotta be nice on the mail server. I can think of scores of
things I'd rather do with the bandwidth. Which might be why I employ RBLs,
an access db, and anti-spam heuristics.
None of which demand anyone to justify their messages. Granted, perhaps
someone will send something that would otherwise trigger a spam filter -
but if they know me well enough for me to care to recieve "spammish"
material from them, they should already be on a pre-spam filter node anyway.
.. in my inbox;
uhm, that'd assume that the original message arrived in your inbox. The
SMTM scheme here doesn't pass the message to the user's unbox unless the
sender is in the greenlist already. If you're going to let the spam into
your inbox ANYWAY, why not just tag it with heuristics?
I extensively filter my email - pretty much whatever is left in my inbox is
either spam or a first contact from someone.
makes it really easy to deal with. When something's flagged as a possible
spam and doesn't have a bounce right after it, I may take a look at it; it's
usually spam.
... which demonstrates that the ONLY people being inconvenienced by the
SMTM scheme are valid users. Ain't that nice.
Once in a blue moon, I get a loop.
That's like all it takes to ruin someone's day. Or several someoneses, if
the loop causes a spool volume to fill up and the server to start bouncing
messages for ALL users. Yea, loops are fun.
That's because somebody's autoresponder
doesn't preserve my X-Loop header. As often as not they petulantly declare
that X-Loop isn't in the RFCs. I say, who cares?
My vote is that the guy operating a mail server being hammered by a mail
loop probably cares. Which often, is the ISP _hosting_ the parties who are
causing the loop, rather than the parties themselves.
Once in a while somebody who works for an existing client decides to BCC
[snip]
more stuff. If you've got customers who insist on sending you this stuff, I
pity you; I'd like to suggest that perhaps you should find some new
customers, but perhaps that's not possible.
Once again, you're off talking about BCCs, rather than *ALL*
messages. BCCs are not part of the equation that was presented.
Of course, mailing lists are typically sent as BCCs. Some spam is, though
a fair amount of spam is still sent addressed cleartext to the recipient.
What all this means is that anyone using a SMTM scheme needs to be on it
like a hawk or risk pissing people off. You'll make fewer enemies by just
retentively filtering mail and discarding things that cross some
threshold. Greenlist mailing lists and your buddies and you'll accomplish
much the same thing, without requiring other people to do your work and
without subjecting yourself to the ugly potential of a mail loop.
Your service provider sends you an automated notice advising you of a
planned outage? You'd better hope the admin who's got his hands full
dealing with some network issue is going to want to do you the favour of
justifying himself. Perhaps you should pre-emptively greenlist the whole
domain of your network provider? Oh bugger, that's the same domain that
their client's emails are with too, and a domain which a certain amount of
forged junk comes from when it arrives at their mail server without an
explicit domain? Oh well.
expectation which has allowed me to keep the same e-mail address for lo
these many years, rather than abandoning it when it gets spammed out (where
does that fit into your perfect world?).
I've used the same email address for the past five plus years. I provide
it to fewer people (and spam filter it more extensively), but due to
approaches I've developed with other addresses I have, I see much less spam
at those addresses overall.
I'd sooner start with a clean slate and move forward doing things right
than to base by spam prevention mechanism upon a system which requires
others to do MY work. It might sound neat to start with - not having to do
any work yourself - but the number of people who'll get ticked off, and the
number of problems it can cause (for yourself as well as for others),
simply it just not worth the perceived work savings.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
|
|