On Mon 26/Jul/2021 21:38:21 +0200 yuv wrote:
On Mon, 2021-07-26 at 18:34 +0200, Alessandro Vesely via mailop wrote:
On Tue 20/Jul/2021 04:17:31 +0200 Ángel via mailop wrote:
On 2021-07-19 at 23:27 +0200, Slavko wrote:
Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole:
The only usable way seems to be GoiIP blocking countries, but
i afraid that it is wrong way.
Why?
Hard to describe it in English for me, but i will try.
I consider blocking access by country as discriminating all
honest people in particular country. (...)
You opened the thread describing it as a "personal mail server". I
interpret that as being a mta serving just you, or a few select family
members/friends. As such you can (should?) be highly selective. >>
I run a personal mail server too. I agree with safety arguments and
all what Bill said. However, any family member/ friend of mine, or
even myself, could travel abroad for a week and forget to punch that
hole in the firewall. In addition, some use foreign services that
login on their behalf (gmail is one).
Punch hole in the firewall function must be easy. All user need to do is
call a URL from the IP address from which they want to send email. Arrive at
the hotel, log on to WiFi, hit https://example.com/hereIam with some
authorization token or password and the hole in the firewall is punched
automatically for the next 24 hours. If they forget, they get a bounce back
from the mail server, they do the log on and they resend.
Sounds cute. I have something similar to exceed daily send limit of 100 msgs.
Nobody has ever used it, yet.
Define "foreign?" -- to me, in the hostile world of the internet, every
IP address that is not under my control is foreign.
Yeah, right. I meant in the Geo sense.
However, I discriminate by country when I report such abuses. I only send
reports to countries where I expect providers act under democratic laws. >
How do you know the laws of all countries? when interests are aligned,
autocratic laws are better than democratic laws. If China's rulers decide
to clamp down on spam emission, you can bet that their enforcement and
therefore their outcome will be superior to that of any self-righteous
idiocracy.
Hm... China is often accused of punishing lawbreakers excessively. OTOH,
Russia doesn't seem to have any aim at reducing cyber-piracy. But then I don't
know, and IANAL. I keep clear.
And the big ISP/ESP are like not-so-little autocracies. If Microsoft/
Google/ Amazon wanted to reduce spam, they could do it by cutting accounts
aggressively. However, that is not aligned with their interest of making
money. Those amounts are all associated with a credit card. Not
necessarily the spammer's, but as long as money flows in, GAFAM will not
make a fuzz about it.
That deserves being countered.
However, spam is different from clownish password cracking attempts. Even
GAFAM counter it actively.
I don't want to wreak more havoc than it deserves, nor to deal with
incomprehensible problems. This discrimination also helps reducing
the overall number of reports being sent.
Does that make any sense?
If it makes sense for you, by all means. Given the outcome, I wonder
how many of these reports are directed straight through to /dev/null
with zero human review.
/dev/null is probably the main recipient. Some abuse teams bounce. Some (e.g.
OVH) reply automated messages saying that they only accept complaints through
their web interface. (I have a no-send list for that.)
I figure most of those abusers are half-interested webmasters who fell victim
of bot intrusions. Good ISPs notify their customers who, in turn, remove the
malware. I can gauge ISP intervention by steadily decreasing complaint rates.
Best
Ale
--
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
