this has been an interesting thread. i'll touch on only a few points.
Marcel Becker wrote on 2022-04-14 02:14:
On Wed, Apr 13, 2022 at 2:58 PM Paul Vixie via mailop <mailop@mailop.org
<mailto:mailop@mailop.org>> wrote:
that google is provably wrong and provably non-transarent in how they
decide what inbound e-mail to reject.
Unless you have a solution which ensures that only good senders are able
to send email, then yes, you will find that receivers will be mostly
non-transparent on how they decide what to reject. Any receiver
protecting their users will be.
thank you for putting that so delicately. i said provably wrong, though.
the proof is that the goal of deliberate rejection of some inbound
e-mail is to increase the goodput fraction not to decrease the badput
fraction. false positives do not achieve the actual objective, and a
policy which must inexorably and does in fact reduce the goodput
fraction, is provably wrong.
as to your observation on transparency, all of the early distributed
reputation systems (RSS, RBL, DUL, and later the SBL) had a rejection
message which was the URL of a document which explained why that
particular message had been blocked, what was the evidence behind the
reasoning, and what steps could be taken to accept accountability. this
may have been before some of the people participating in this thread
were participating in the e-mail industry, but it was once a norm with
100% coverage. as co-founder at MAPS i've got to say that transparency
of this kind is part of how we got sued so often and so well.
google does not do this. and having offered free(-ish) e-mail services
to my friends, my family, and my colleagues on a bunch of mailing lists
i operate, their lack of transparency does real harm to the community
(in addition to the self-harm described above). i will never argue that
google (or anybody) has a duty to accept all e-mail. as the owner of
their service they have authority over its policy. what i am arguing is
something more subtle: if you reject e-mail, say why, because it might
be a false rejection worthy (to the service operator) of getting fixed.
finally as to your clear implication that transparency by defenders can
aid attackers. we found this to be true from the earliest days of spam,
where spammers could tune their methods making gradual improvements as
directed by the errors they received, until they found a way through. i
called out spamassassin for this problem on the day it was released, so
hopefully i'll seem both informed about and sympathetic to your concern.
here's how it applies in the gmail case.
if gmail is concerned only with badput volume and not goodput volume
then they would not want the risk of enabling spammers to tune their
methods. in this case they would tell their user base both current and
future that "we're going to silently reject a lot of inbound e-mail
without telling our recipients or the outside senders why, and so you
will sometimes miss e-mail, which will not be received by us at all and
therefore cannot be placed into your spam folder."
that's not their messaging. if they're not going to speak words to this
effect then they have a duty of care *to their users* to not take
actions to this effect.
note, i don't mind the spam folder thing. last night i found my COVID
test result in my spam folder and while i find this sophomoric it does
not indicate false advertising, or absence-of-truth advertising.
know better than to cooperate with your oppressor.
This was stressed before (even by the list admin): But if you want
people to collaborate and be more transparent, maybe refrain from
sentences like the one above.
i think the thread that descended from the above text has been quiet
collaborative, and my experience does not provide me a more effective
way to get at the real issue than to say it out loud.
gmail is to me an example of late stage surveillance capitalism in which
things are centralized that don't need to be leading to constraints
imposed without informed consent or indeed any consent at all.
anyone who knows either first hand or from reports on this mailing list
that gmail will occasionally reject goodput with no transparency and
thus permitting no recourse, should probably stop using gmail for their
own mail, and should probably stop recommending that others use gmail
for their own mail.
for google to accumulate a billion e-mail endpoints and then after some
period of years impose fees on some and impose opaque filtering rules on
all, is at least an abuse of position. to emit gigatons of spam at the
same time raises this to an exercise in oppression because google
demands recourse for itself but offers none to others.
i was not expecting any of google's people to respond on this thread no
matter what language i used. not that i meant to alienate, only that the
issues at heart here are long known and well trodden.
--
P Vixie
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop