Re: Recipient validation - WAS: Re: Moderated posts?
On 10/14/2014 8:05 AM, Tanstaafl wrote:
> On 10/13/2014 9:53 PM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
>> Not a grey area at all. "...dropping mail without notification of the
>> sender is permitted...". As for the "...long tradition and community
>> expectations..." - that's nice, but according to some estimates,
>> spammers now account for over 90% of the email traffic on the internet.
>
> And there are very simple ways to eliminate 90+% of that very simply
> (postfix+postscreen, without any additional tools), without risk of
> rejecting *any* legitimate email, and without *breaking SMTP*, which is
> what you are advocating.
>
> By adding a few simple additional tools (amavisd-new+spamassassin), you
> can easily deal with the remaining 9.9%...
>
> If you think I'm kidding, please by all means go make these silly
> statements on the postfix list and I'll just sit and watch the fun.
>
You don't read very well. This has nothing to do with emails to a valid
address. A large amount of that spam goes to invalid addresses. I see
them go through the logs regularly.
>> To bounce all of those invalid addresses not only would further
>> increase the amount of junk on the internet,
>
> That is pure and absolute nonsense. The vast majority of spam comes from
> botnets, and *rejecting* garbage from these results in ZERO additional
> smtp traffic.
>
Wrong. Rejecting garbage sends a message back to the originator,
increasing the traffic. Simply dropping them, as I do, does not.
>> but by not replying, servers tell the spammers what are valid email
>> addresses.
>
> More nonsense. Security through obscurity *never* works, and only, in
> this case, totally breaks SMTP.
>
Wrong on two counts. First of all, the false notion "Security through
obscurity *never* works". This has nothing to do with security. And
BTW, that statement is also wrong - why do you think people are
encouraged to use obscure passwords if it doesn't work? But that's
another subject.

On the second count - please point out exactly which RFC I am violating
that "breaks SMTP".
>> Finally, as for "...undermine confidence in the reliability of the
>> Internet's mail systems..." - it hasn't been reliable since spammers
>> virtually took over the email. And even when emails were rejected, it
>> still was no indication the recipient got the message.
>
> Of course it wasn't, but it was certainly a positive indication that the
> recipient did *not* receive it (as long as the sending server is
> properly configured).
>
And why should I care if a bot finds out the message has not been received?
>> There is, and never has been a reliable end-to-end verification of email
>> messages.
>
> Well, that at least is true.
>
>> BTW - by definition, any messages to any of the domains I manage without
>> a valid email address are "seriously fraudulent or otherwise inappropriate".
>
> Really?
>
Yes
> So when the President/CEO of XYZ Corporation, who does business with a
> customer whose domain happens to be managed by you, accidentally typos
> an email address, you consider that a 'seriously fraudulent or otherwise
> inappropriate' email?
>
Yes. Just like a misaddressed letter at the post office. It will not
necessarily be returned.
> You must not have any real commercial customers, because I would imagine
> you would be a prime target for lawsuits for losing emails like this, as
> it would only be a matter of time before it was something important sent
> by someone important to someone else important.
>
I have enough, and there are no valid emails lost.
> That said, I do have an email template I send to our users regularly
> explaining why/how email should never be considered 100% reliable, and
> if they ever send an email that has money riding on it being received,
> they should follow it up with a phone call to make sure it actually was
> received. I guess people like you are one of the reasons I have that
> template and need to send it out on occasion.
>
>
Ah, so even you admit email is not reliable. If it were, why would you
encourage your people to follow up with a phone call? After all, if
they didn't get a reject message, the email MUST have gone through.
Jerry