[Wylug-discuss] Re: SMTP standards (was Please confirm...)

James Holden wylug at jamesholden.net
Mon Mar 29 13:24:21 BST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter Corlett wrote:
| James Holden <wylug at jamesholden.net> wrote:
|
|>Peter Corlett wrote:
|>
|>>James Holden <wylug at jamesholden.net> wrote:
|
| [...]
|
|>>>If you deny access based on an invalid HELO, you *will* lose legitimate
|>>>mail, and you *will* be breaking RFC 2821 (sec 4.1.4).
|>>
|>>It's not lost, it's just not being accepted. That's a subtle, but
|>>important distinction.
|>
|>It's lost if it never hits your mailbox when it should have done.
|>Subtlties are unimportant. Your users won't get mail which they should
|>have done. Try explaining that to them when they don't receieve that
|>important order.
|
|
| No, a message is lost if a SMTP server chooses to drop the message after
| accepting it and taking responsibility for it. It is not lost if the
server
| chooses to give a 5xx response. The sending SMTP server retains
| responsibility for not losing the message. If the sender is broken and
| subsequently loses the message, that's their problem.
[snip]

I still don't care. What I'm talking about is a business issue, not a
technical one.

Blindly rejecting mail based on what argument is given in the HELO/EHLO
is a dumb way of filtering spam because the false positive rate is far
too high.

If you're going to take it into consideration, it's best done futher
down the line by use of a scoring system, like Jim said.

My point was (and still is) that you will lose mail you really, really
wanted if you reject mail in this way.

As far as TMDA goes, which is how this all started. You'll only get a
TMDA confirm if:

a) You haven't been sent mail from me before and therefore are not
auto-whitelisted.
and
b) You haven't had one before.
and
c) You're not sending to a "magic" address, like the one's which are
added to my list posts.
and
d) You're not whitelisted and your message looks spammy in the first
place, because if it scored negative in spamassassin it doesn't go
through TMDA because there's a high probability it isn't spam. I only
use TMDA for the maybe-spams.

In other words, even if you send me something spammy, you *still* get
the chance to get it delivered, provided you're a human. I think that's
pretty fair, and better than binning stuff based on a highly flawed DNS
test.

For average users, bounce messages are totally meaningless. To them, it
means that you don't exist. They really couldn't give a stuff about
their own companies outbound mailer not having a DNS entry. Once they
get a bounce message, they're not going to bother trying to talk to you
again. Refusing to talk to people because of something they don't know
anything about and can't do anything about won't help you make friends.

TMDA confirms are a different matter. They are purposefully crafted not
to look like a bounce, and contain clear instructions on what to do
(most important) and why it's happenning (not as important).



James



James




- --
James Andrew Holden, Leeds, UK    (james at jamesholden dot net)
GPG Key: 1024D/8358863A    *Please encrypt mail where possible!*
Fingerprint:  32C9 A76F 3CFE A06C 1B00  5AAB 9877 4742 8358 863A
jamesholden.net ICQ: 11290827 >Buy Linux CDs from fastdiscs.com<
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAaBV1mHdHQoNYhjoRAjuiAJwIPboH+ydqg8bI8I7TnDtqLhy+EACfefpj
32ou1r25Ht+lDpm1zMGyABo=
=iFGR
-----END PGP SIGNATURE-----

More information about the Wylug-discuss mailing list