[Techtalk] bogus bounces--WTF?

Karen Liesenfeld karen at kseven.org
Tue Oct 14 19:56:53 UTC 2008 

Hi Miriam,
your idea sounds like a good start. To me it looks worth exploring.

I just think that it will not be that easy. Legit email is not a just 
two server communication anymore. There are fairly complex scenarios out 
there for all kinds of good reasons.

The MX server of a domain according to DNS is not always the sending 
server. Some email gets relayed for security reasons. What if the 
secondary mail server is used for some kind of routing issues? What is 
with all the people that use mobile devices and webmail to send with 
their from address via different mail servers?

Some of those scenarios are the reason for DKIM and SPF being developed.

I imagine it will be difficult to find a single solution for all cases.

Ciao,
Karen


Miriam English wrote:
> Hi Carla,
> 
> That's an interesting point. I've always been infuriated at the loads of 
> spam I've always got (especially from Russia). Lately it is more than 
> just an annoyance as I've noticed some of my emails getting trashed by 
> people's less-than-intelligent spam filters, and I've missed some 
> legitimate emails sent to me because due to unfortunate subject line 
> choice. Even worse, my domain name has been banned by some sites because 
> some bastard spammers have been forging my address in their headers.
> 
> I have thought of a simple way to eliminate this stupid arms race that 
> is slowly wrecking email's viability. Trouble is nobody I've approached 
> wants to know about it... which is weird. I wonder if anybody here knows 
> who it could be put to?
> 
> All I want is for email to work easily again. The current obsession with 
> bolting on ever more complex rules to spam filters doesn't work. Banning 
> sites doesn't work. And the various pay-per-email "solutions" just suck 
> because not only would honest people have to cough up because of crooks, 
> but it wouldn't stop spam anyway.
> 
> The solution seems to me to be surprisingly simple. All that is needed 
> is for email not to be passed on to the receiver until the return 
> address is checked, similar to how normal http error checking is 
> currently done every time we access a web page. If the receiver machine, 
> on checking with the sender machine finds the address is valid and has a 
> record of having sent the email in question then the recipient gets the 
> email. If not then the header is forged and the email is deleted and 
> never bothers the recipient. Spammers would be reduced to using genuine, 
> unforged addresses, because forged sending addresses would simply never 
> get through. Places that have laws against spam would land them in jail. 
> Spammers in other places would simply render their addresses ineffective 
> because it is too darned easy to block a genuine address that sends lots 
> of spam.
> 
> The genuine servers would not have to hold on to the whole email, just a 
> checksum and perhaps date and/or subject. And only until it is verified 
> or some maximum time (maybe a couple of months) had elapsed. It doesn't 
> need to hold any identifying information, so it doesn't compromise 
> privacy. All that is checked is that the email's from address is genuine.
> 
> Since the very early days of the ARPANET email has hardly altered. The 
> system of attachments is terrible. It bloats email by expanding binary 
> to 7-bit encoding in a day when 8-bit communications are normal. And 
> because of the old naive trust we used to have, spam filters are 
> inefficiently bolted on, faced with the impossible task of deducing 
> genuine from fake email.
> 
> Email seriously needs to move into the 21st century. The current 
> outmoded form is gradually becoming more and more damaged by misuse.
> 
> Anybody know who could affect this? They are welcome to present it to 
> anybody they wish with my blessing. Or if they want, I would be 
> delighted to put these and more arguments for the case.
> 
> Best wishes,
> 
> 	- Miriam
> 
> Carla Schroder wrote:
>> What's with all the skillions of bogus email delivery failures I'm seeing 
>> lately? All from .ru domains. Are they spams, and this is supposed to make me 
>> curious and read them, and then lose my mind and buy stuff? Most of them are 
>> unreadable anyway, they're either in bad HTML that doesn't render, or 
>> Cyrillic characters.
>>
>> Carla
>

More information about the Techtalk mailing list