
Re: Recipient validation - WAS: Re: Moderated posts?



On 10/14/2014 8:05 AM, Tanstaafl wrote:
> On 10/13/2014 9:53 PM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
>> Not a grey area at all.  "...dropping mail without notification of the
>> sender is permitted...".  As for the "...long tradition and community
>> expectations..." - that's nice, but according to some estimates,
>> spammers now account for over 90% of the email traffic on the internet.
> 
> And there are very simple ways to eliminate 90+% of that very simply
> (postfix+postscreen, without any additional tools), without risk of
> rejecting *any* legitimate email, and without *breaking SMTP*, which is
> what you are advocating.
> 
> By adding a few simple additional tools (amavisd-new+spamassassin), you
> can easily deal with the remaining 9.9%...
> 
> If you think I'm kidding, please by all means go make these silly
> statements on the postfix list and I'll just sit and watch the fun.
>

You don't read very well.  This has nothing to do with emails to a valid
address.  A large amount of that spam goes to invalid addresses.  I see
them go through the logs regularly.

>> To bounce all of those invalid addresses not only would further
>> increase the amount of junk on the internet,
> 
> That is pure and absolute nonsense. The vast majority of spam comes from
> botnets, and *rejecting* garbage from these results in ZERO additional
> smtp traffic.
> 

Wrong.  Rejecting garbage sends a message back to the originator,
increasing the traffic.  Simply dropping them, as I do, does not.

>> but by not replying, servers tell the spammers what are valid email
>> addresses.
> 
> More nonsense. Security through obscurity *never* works, and only, in
> this case totally breaks SMTP.
> 

Wrong on two counts.  First of all, the false notion "Security through
obscurity *never* works".  This has nothing to do with security.  And
BTW, that statement is also wrong - why do you think people are
encouraged to use obscure passwords if it doesn't work?  But that's
another subject.

On the second count - please point out exactly which RFC I am violating
that "breaks SMTP".

>> Finally, as for "...undermine confidence in the reliability of the
>> Internet's mail systems..." - it hasn't been reliable since spammers
>> virtually took over the email.  And even when emails were rejected, it
>> still was no indication the recipient got the message.
> 
> Of course it wasn't, but it was certainly a positive indication that the
> recipient did *not* receive it (as long as the sending server is
> properly configured).
> 

And why should I care if a bot finds out the message has not been received?

>> There is, and never has been a reliable end-to-end verification of email
>> messages.
> 
> Well, that at least is true.
> 
>> BTW - by definition, any messages to any of the domains I manage without
>> a valid email address are "seriously fraudulent or otherwise inappropriate".
> 
> Really?
> 

Yes

> So when the President/CEO of XYZ Corporation, who does business with a
> customer whose domain happens to be managed by you, accidentally typos
> an email address, you consider that a 'seriously fraudulent or otherwise
> inappropriate' email?
>

Yes.  Just like a misaddressed letter at the post office.  It will not
necessarily be returned.

> You must not have any real commercial customers, because I would imagine
> you would be a prime target for lawsuits for losing emails like this, as
> it would only be a matter of time before it was something important sent
> by someone important to someone else important.
>

I have enough, and there are no valid emails lost.

> That said, I do have an email template I send to our users regularly
> explaining why/how email should never be considered 100% reliable, and
> if they ever send an email that has money riding on it being received,
> they should follow it up with a phone call to make sure it actually was
> received. I guess people like you are one of the reasons I have that
> template and need to send it out on occasion.
> 
> 

Ah, so even you admit email is not reliable.  If it were, why would you
encourage your people to follow up with a phone call?  After all, if
they didn't get a reject message, the email MUST have gone through.

Jerry

