
Re: [spf-discuss] How reliable is it to block/reject on SPF fail?

2009-11-30 16:13:32
At 19:52 30/11/2009  Monday, Stuart D. Gathman wrote:
On Mon, 30 Nov 2009, Ian Eiloart wrote:

So, you'd probably want these domains hosted on some other mail server. Google
hosts my domain for free - I just pay the registration cost. I have a virtual
host, but can't be bothered to run my own mail server on it.

While this might be ok for a casual user, I don't want my mail traversing
google or any other provider in plaintext.  I suppose I could use S/MIME
or GPG, but TLS is a no-effort privacy measure that doesn't involve trying to
tell non-geek correspondents how to create a key pair.  When a
correspondent has a small office mail server supporting TLS, adequate privacy
is automatic.  

I'm not thinking about casual "home" users, but about "small business" users
with a static IP.  This includes "home office" users with a static IP.  My
biggest email client has a /27 block and servers in his basement (blocks
400,000 forged emails a day to himself and his customers as well as serving
web pages).   

There are commercial products that are "plug and play" email appliances.  
Unfortunately, the most popular ones have serious RFC and general 
stupidity issues (e.g. replying to DSNs, sending "you have a virus" 
replies to emails they have already identified as sent by a virus, invalid 
HELO name, etc, etc).

i agree with all of the above

my modus operandi is to not default block {some} common idiotic behaviour
but to highlight any/all of it to the receiver
thus they see the sender has issues and either complain to them 
"i cannot turn on spam/ratware filter X as your idiot server keeps failing the 
legitimacy tests"

or choose to ignore

given enough time and enough spam {that would otherwise have been blocked} some 
users will complain
and those some senders will clean up {and often realize this improves delivery 
to others}
and some won't and will find themselves blocked when/if we reach a stage when 
everyone blocks on idiot test X, as it is no longer a common mistake

I think one of the issues currently is too many badly set up senders and too few 
recipients knowing/complaining
{and many admins unwilling to block due to users complaining to them}
so i just give the users the decision of what to block or not, and let them 
clean up the senders they deal with
{which works pretty well on small business to small business sender/receiver}

and sometimes generates a little work for me if they need consultancy to fix 
the issue
{but most just avail of the "I'll walk you through it for free on the phone if 
you're doing it to improve your sending of mail to one of our customers" offer, 
as phone calls that clean up any portion of the net i can do unbilled, [why i'm 
broke but my karma is good]}

i regard it all like open relays
at first it was common, 
then became abused
then some receivers started blocking open-relays to limit the abuse
the users complained the open-relays complained
nearly all non-pig-headed open-relays got fixed
eventually nearly everyone started blocking open-relays to limit the abuse
nowadays there are pretty much no open relays

all issues like this will be tackled by a few voting with their mailboxes to 
not accept "shady" senders
eventually all conscientious/legit senders will follow best practices to get 
any useful number of deliveries
after a time even the cautious receivers will be able to block "shady" senders
as the false positive rate will diminish
then we reach a stage where "is it a legit MTA or ratware" becomes black n 
white {long way off}

and we move the fight to 
legit MTA's that have poor defences against spammer abuse/vs/ legit MTA's that 
catch/block attempted abuse quickly and effectively

which we are also working on but i think few are yet {because ratware is still 
a common source of spam} 


