procmail
[Top] [All Lists]

Re: Looping problem

2002-02-26 21:34:12
Take a deep breath. Understand that this is written in a tone discouraging the use of the SMTM ("Show Me The Money") method, and isn't an attempt to be inflammatory against those who might choose to employ SMTM. If you start to think I'm picking on you, take a break, reference this paragraph, then when your BP has subsided, continue reading.

At 16:50 2002-02-26 -0800, Fred Morris wrote:
People just don't like the idea of justifying themselves, do they?

Not on a mailing list they don't. Excepting perhaps ONE occasion, every case of a SMTM bounce I've seen was caused by a post to a mailing list - not a message TO that individual, but a message TO A LIST. To which that clever individual elected to subscribe themselves. It's in the same class of clueless user as sending vacation messages in response to mailing list messages (or any other message not addressed cleartext to you).

Know what happens when a listserv changes hosting services and just "drags" the original list subscribership over to the new host? Now, take that person who's got a SMTM filter (and was greenlisting that list by it's original address) and figure they went skiiing for the weekend.

Don't that suck? Just as with vacation autoresponders gone amok, the user will find themselves booted from that list if the listadmin can be contacted, or enough people decide to deal with whatever is necessary to forge or otherwise push through an unsubscribe for them on that list.

And, they usually find their email address on a dozen or so personal twit filters, because on the meantime, THOSE users didn't want to see a SMTM bounce from the person (I'm in with that crowd - I'd just as soon twitfilter someone than justify my post to a public mailing list to some brainiac who insists that all the mail coming into his inbox has to be accompanied by a letter of recommendation or something).

People don't like the idea of justifying themselves. I don't care. If I
want mail, I say so. If I don't you can still reach me.

People on mailing lists have *NO* control over whether you have subscribed to that list, and they're not sending mail *TO* you - they're sending it TO THE LIST. If Joe posts a question to a list and I post a reply to his query on the list, I shouldn't have to justify that query to the three people who've recently joined the list and expect their incoming mail to be justified by the sender. Just as my message to the list shouldn't trip someone's vacation rule, but I've still seen HUNDREDS of those on mailing lists.

It REALLY sounds like you should just adopt a greenlist policy and dump everything else. Sub to a mailing list, add that list to your greenlist. If you suddenly stop seeing messages, perhaps the list address changed (which if it crept up on you, you must not have been following it really closely, as most moves are prefixed by an administrative posting on the affected list).

Few SMTM users I've ever encountered bother to religiously maintain their filters to ensure that they don't hammer mailing list users. Everybody's got their "gosh, I'm sorry, it won't happen again", but the problem is that the basic scheme is so seriously flawed that such a promise cannot be kept - unless the user is ditching the SMTM.

[snip - rant]
You're WAY off target here.

Perhaps you should investigate using a private email address for trusted contacts and a heavily spamfiltered address for all other mail. I often use plussed addresses with clients - for one, it helps for filtering their email, but also ensures that it doesn't get subjected to the same extremes of spam filtering I use for generic accounts. Anyone having occasion to send you attachments will be someone you trust enough to provide your private address to (which for could be a _plussed_ alias, so you don't have to maintain a separate mailbox, so long as your mail host supports plussing). Anyone not entrusted with your private address would be sending unwelcome attachments to your generic address, which would simply discard all attachments (or only accept them from greenlisted individuals). No need to use a SMTM scheme.

People who fall from your graces can be added to twitlists, or otherwise find their email filtered from your private address. These are people who crossed some line ("mom, I've told you, it's great that cousin Jimminy has a new son, but I don't need any more pictures of him"), and are now restricted from sending you attachments.

As for the evil of BCCs, I'd just as soon recieve a BCC from a friend or associate than to find my address on a addressbook dump sized recipient list, exposing my address to the inbox of scores of people I don't know and don't care to receive a [REPLY ALL] response from, thankyouverymuch.

I have to be a little more careful about mailing lists, obviously. I'm
careful about subscribing to them, and open a hole in the wall before I do.

This schema was reported to be for _other_ users as well. Everybody has to remember to play nice, or it doesn't work. Also, as described (and from the recipe as posted), it isn't for BCCs either - it's for ALL mail. Both counts make it a totally different ballgame.

You know what bugs me about mailing lists? Nonstandard headers. Oh, maybe
there are some standards, maybe not; but "in the field" you won't see much
consistency. People who run mailing lists (including this one) don't even
provide a sample of the headers on the web page where you subscribe.

By and large, most people don't do greenlist filtering. Mailing lists get to deal with AOL'ers who can't comprehend sub and un*sub instructions or even enter their own email address properly. Posting samples of message headers to expect from the list messages is way over the top for the techically challenged masses. Heck, most list admins are clueless when it comes to the handling of email.

Who gets the bounces? 98% of them are bounced again by daemons (because the
addresses are invalid). That means that, along with the highlighting of
probable spam that I do I see spam,bounce,spam,bounce.

Yea, that's gotta be nice on the mail server. I can think of scores of things I'd rather do with the bandwidth. Which might be why I employ RBLs, an access db, and anti-spam heuristics.

None of which demand anyone to justify their messages. Granted, perhaps someone will send something that would otherwise trigger a spam filter - but if they know me well enough for me to care to recieve "spammish" material from them, they should already be on a pre-spam filter node anyway.

.. in my inbox;

uhm, that'd assume that the original message arrived in your inbox. The SMTM scheme here doesn't pass the message to the user's unbox unless the sender is in the greenlist already. If you're going to let the spam into your inbox ANYWAY, why not just tag it with heuristics?

I extensively filter my email - pretty much whatever is left in my inbox is either spam or a first contact from someone.

makes it really easy to deal with. When something's flagged as a possible spam and doesn't have a bounce right after it, I may take a look at it; it's
usually spam.

... which demonstrates that the ONLY people being inconvenienced by the SMTM scheme are valid users. Ain't that nice.

Once in a blue moon, I get a loop.

That's like all it takes to ruin someone's day. Or several someoneses, if the loop causes a spool volume to fill up and the server to start bouncing messages for ALL users. Yea, loops are fun.

That's because somebody's autoresponder
doesn't preserve my X-Loop header. As often as not they petulantly declare
that X-Loop isn't in the RFCs. I say, who cares?

My vote is that the guy operating a mail server being hammered by a mail loop probably cares. Which often, is the ISP _hosting_ the parties who are causing the loop, rather than the parties themselves.

Once in a while somebody who works for an existing client decides to BCC
[snip]
more stuff. If you've got customers who insist on sending you this stuff, I
pity you; I'd like to suggest that perhaps you should find some new
customers, but perhaps that's not possible.

Once again, you're off talking about BCCs, rather than *ALL* messages. BCCs are not part of the equation that was presented.

Of course, mailing lists are typically sent as BCCs. Some spam is, though a fair amount of spam is still sent addressed cleartext to the recipient.

What all this means is that anyone using a SMTM scheme needs to be on it like a hawk or risk pissing people off. You'll make fewer enemies by just retentively filtering mail and discarding things that cross some threshold. Greenlist mailing lists and your buddies and you'll accomplish much the same thing, without requiring other people to do your work and without subjecting yourself to the ugly potential of a mail loop.

Your service provider sends you an automated notice advising you of a planned outage? You'd better hope the admin who's got his hands full dealing with some network issue is going to want to do you the favour of justifying himself. Perhaps you should pre-emptively greenlist the whole domain of your network provider? Oh bugger, that's the same domain that their client's emails are with too, and a domain which a certain amount of forged junk comes from when it arrives at their mail server without an explicit domain? Oh well.

expectation which has allowed me to keep the same e-mail address for lo
these many years, rather than abandoning it when it gets spammed out (where
does that fit into your perfect world?).

I've used the same email address for the past five plus years. I provide it to fewer people (and spam filter it more extensively), but due to approaches I've developed with other addresses I have, I see much less spam at those addresses overall.

I'd sooner start with a clean slate and move forward doing things right than to base by spam prevention mechanism upon a system which requires others to do MY work. It might sound neat to start with - not having to do any work yourself - but the number of people who'll get ticked off, and the number of problems it can cause (for yourself as well as for others), simply it just not worth the perceived work savings.


---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>