
Recipient validation - WAS: Re: Moderated posts?



On 10/13/2014 9:53 PM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
> Not a grey area at all.  "...dropping mail without notification of the
> sender is permitted...".  As for the "...long tradition and community
> expectations..." - that's nice, but according to some estimates,
> spammers now account for over 90% of the email traffic on the internet.

And there are very simple ways to eliminate 90+% of that very simply
(postfix+postscreen, without any additional tools), without risk of
rejecting *any* legitimate email, and without *breaking SMTP*, which is
what you are advocating.

By adding a few simple additional tools (amavisd-new+spamassassin), you
can easily deal with the remaining 9.9%...

If you think I'm kidding, please by all means go make these silly
statements on the postfix list and I'll just sit and watch the fun.

> To bounce all of those invalid addresses not only would further
> increase the amount of junk on the internet,

That is pure and absolute nonsense. The vast majority of spam comes from
botnets, and *rejecting* garbage from these results in ZERO additional
smtp traffic.

> but by not replying, servers tell the spammers what are valid email
> addresses.

More nonsense. Security through obscurity *never* works, and only, in
this case, totally breaks SMTP.

> Finally, as for "...undermine confidence in the reliability of the
> Internet's mail systems..." - it hasn't been reliable since spammers
> virtually took over the email.  And even when emails were rejected, it
> still was no indication the recipient got the message.

Of course it wasn't, but it was certainly a positive indication that the
recipient did *not* receive it (as long as the sending server is
properly configured).

> There is, and never has been a reliable end-to-end verification of email
> messages.

Well, that at least is true.

> BTW - by definition, any messages to any of the domains I manage without
> a valid email address are "seriously fraudulent or otherwise inappropriate".

Really?

So when the President/CEO of XYZ Corporation, who does business with a
customer whose domain happens to be managed by you, accidentally typos
an email address, you consider that a 'seriously fraudulent or otherwise
inappropriate' email?

You must not have any real commercial customers, because I would imagine
you would be a prime target for lawsuits for losing emails like this, as
it would only be a matter of time before it was something important sent
by someone important to someone else important.

That said, I do have an email template I send to our users regularly
explaining why/how email should never be considered 100% reliable, and
if they ever send an email that has money riding on it being received,
they should follow it up with a phone call to make sure it actually was
received. I guess people like you are one of the reasons I have that
template and need to send it out on occasion.
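
Added example, not part of the original post and not Postfix code: a minimal Python SMTP listener that validates the recipient at RCPT TO, so a mistyped address is refused with a 550 inside the sender's own session and the receiving side generates no separate bounce message. The hostnames, addresses and the `VALID` set are constructed for illustration, and the listener models the dialogue only up to RCPT TO (it never accepts DATA).

```python
import smtplib
import socketserver
import threading

VALID = {"alice@example.org"}  # constructed recipient list (assumption)


class Handler(socketserver.StreamRequestHandler):
    def reply(self, line):
        self.wfile.write((line + "\r\n").encode())

    def handle(self):
        self.reply("220 mx.example.org ESMTP")
        for raw in self.rfile:
            cmd = raw.decode(errors="replace").strip()
            verb = cmd.upper()
            if verb.startswith(("HELO", "EHLO")):
                self.reply("250 mx.example.org")
            elif verb.startswith("MAIL FROM:") or verb == "RSET":
                self.reply("250 2.0.0 Ok")
            elif verb.startswith("RCPT TO:"):
                addr = cmd[8:].strip().strip("<>").lower()
                if addr in VALID:
                    self.reply("250 2.1.5 Ok")
                else:
                    # Refuse during the transaction: the sending server still
                    # holds the message and reports the failure to its own user.
                    self.reply("550 5.1.1 <%s>: User unknown" % addr)
            elif verb == "QUIT":
                self.reply("221 2.0.0 Bye")
                return
            else:
                # Includes DATA: this demo listener never queues a message.
                self.reply("502 5.5.2 Command not implemented")


def rcpt_code(recipient):
    """Run one dialogue against a throwaway local listener; return the RCPT TO reply code."""
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), Handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        with smtplib.SMTP("127.0.0.1", srv.server_address[1],
                          local_hostname="client.example", timeout=5) as c:
            c.ehlo()
            c.mail("ceo@xyz.example")  # constructed envelope sender
            code, _ = c.rcpt(recipient)
        srv.shutdown()
    return code
```

Calling `rcpt_code("alcie@example.org")` (a typo of the valid address) returns 550, while the correctly spelled address returns 250.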

