On 10/14/2014 8:05 AM, Tanstaafl wrote: > On 10/13/2014 9:53 PM, Jerry Stuckle <jstuc...@attglobal.net> wrote: >> Not a grey area at all. "...dropping mail > without notification of the >> sender is permitted...". As for the "...long tradition and community >> expectations..." - that's nice, but according to some estimates, >> spammers now account for over 90% of the email traffic on the internet. > > And there are very simple ways to eliminate 90+% of that very simply > (postfix+postscreen, without any additional tools), without risk of > rejecting *any* legitimate email, and without *breaking SMTP*, which is > what you are advocating. > > By adding a few simple additional tools (amavisd-new+spamassassin), you > can easily deal with the remaining 9.9%... > > If you think I'm kidding, please by all means go make these silly > statements on the postfix list and I'll just sit and watch the fun. >
You don't read very well. This has nothing to do with emails to a valid address. A large amount of that spam goes to invalid addresses. I see them go through the logs regularly. >> To bounce all of those invalid addresses not only would further >> increase the amount of junk on the internet, > > That is pure and absolute nonsense. The vast majority of spam comes from > botnets, and *rejecting* garbage from these results in ZERO additional > smtp traffic. > Wrong. Rejecting garbage sends a message back to the originator, increasing the traffic. Simply dropping them, as I do, does not. >> but by not replying, servers tell the spammers what are valid email >> addresses. > > More nonsense. Security through obscurity *never* works, and only, in > this case totally breaks SMTP. > Wrong on two counts. First of all, the false notion "Security through obscurity *never* works". This has nothing to do with security. And BTW, that statement is also wrong - why do you think people are encouraged to use obscure passwords if it doesn't work? But that's another subject. On the second count - please point out exactly which RFC I am violating that "breaks SMTP". >> Finally, as for "...undermine confidence in the reliability of the >> Internet's mail systems..." - it hasn't been reliable since spammers >> virtually took over the email. And even when emails were rejected, it >> still was no indication the recipient got the message. > > Of course it wasn't, but it was certainly a positive indication that the > recipient did *not* receive it (as long as the sending server is > properly configured). > And why should I care if a bot finds out the message has not been received? >> There is, and never has been a reliable end-to-end verification of email >> messages. > > Well, that at least is true. > >> BTW - by definition, any messages to any of the domains I manage without >> a valid email address are "seriously fraudulent or otherwise inappropriate". > > Really? > Yes > So when the President/CEO of XYZ Corporation, who does business with a > customer whose domain happens to be managed by you, accidentally typos > an email address, you consider that a 'seriously fraudulent or otherwise > inappropriate' email? > Yes. Just like a misaddressed letter at the post office. It will not necessarily be returned. > You must not have any real commercial customers, because I would imagine > you would be a prime target for lawsuits for losing emails like this, as > it would only be a matter of time before it was something important sent > by someone important to someone else important. > I have enough, and there are no valid emails lost. > That said, I do have an email template I send to our users regularly > explaining why/how email should never be considered 100% reliable, and > if they ever send an email that has money riding on it being received, > they should follow it up with a phone call to make sure it actually was > received. I guess people like you are one of the reasons I have that > template and need to send it out on occasion. > > Ah, so even you admit email is not reliable. If it were, why would you encourage your people to follow up with a phone call? After all, if they didn't get a reject message, the email MUST have gone through. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543d3ea2.4070...@attglobal.net
