[Asrg] Re: bounces, and anit-spam principles

Sun Mar 4 23:53:51 EST 2007

<gep2 at terabites.com> wrote:

> 1.  Spam is any mail the RECIPIENT does not want, 
> regardless of how much the sender wants to send it.

Nope; I'm sure there's a subscriber who doesn't want this argument
continued, but that doesn't make it spam.

> 2.  Accordingly, the definition of what they do and do not 
> want

Is completely irrelevant.

The issue is whether they *solicited* it.

> 3.  Systems which rely on the "reputation" or "certifications" of
> the (supposed) sender are not very helpful,

Some sites find them sufficiently helpful to be used.  Their servers,
their rules.

> For example, one incredibly annoying thing that happens to me every
> month or so is that Yahoo will stop delivering my Yahooogroups list
> mails to me, because they got back a "hard bounce" message
> implicating one of my E-mail addresses.  Almost invariably, this
> hard bounce message got sent out by some idiot mail software which
> found a worm or virus in an incoming message (and NONE of these
> infected mails have actually been sent out by ME, of course) and the
> idiot software decided to send the bounce back to some third party
> (in my case, Yahoo), which (also not-cleverly) decides that since
> they got back a (completely bogus!) hard bounce message (and to a
> message that Yahoo didn't really send, either), they'd better not
> try to send any more mail to me.  :-( The result is that I typically
> lose anything from a half day's mail to as much as several days'
> mail from the various Yahoogroups I'm subscribed to.  :-((

My email address gets forged a lot, and I'm subscribed to a bunch of
Yahoo groups, yet that has never happened to me.

> Therefore, as an initial default (which would apply to "unfamiliar"
> senders) I still insist that mail from unaccepted senders be passed
> into my Inbox ONLY IF it contains NO HTML, and NO attachments, and
> does not exceed some specified size (10K, 50K, 100K, 200K, whatever
> the recipient decides to set as a threshold).

Nobody has objected to that: your server, your rules.

> The (initial filtering!) approach that I believe will work 
> is based on this fine-grained "permissions list" (with a 
> ruleset adjustable on a per-sender basis) which combined 
> with a suitable default behavior denies in one fell swoop 
> nearly all the tricks and subterfuges that spammers use to 
> evade and deceive content filters.

You mean like forging email addresses they think are likely to be your
correspondents?

> All of these DNS-based things based on "sender reputation" 
> and the like are doomed to failure because a well-reputed 
> sender CAN be infected and caused to send out spam.

And then it loses its good reputation.  And when things work as they
should, it loses that reputation before it gets around to spamming me,
so I never see the spam.

>  And just because they DO, doesn't mean that the LEGITIMATE mail
> they might still be sending out ought to now be t-canned.

Again, your server, your rules.  I don't want Typhoid Mary preparing
my food even if she won't infect me today.

Seth