On 18-02-14 12:25 PM, Al Iverson wrote:
On Wed, Feb 14, 2018 at 3:06 PM, Michael Peddemors
<mich...@linuxmagic.com> wrote:
Yes, stop using obfuscated MAIL FROM's <smile>
It's not really wise to use non-obfuscated return paths when using
VERP. If it's easily decodable, a goofball could spin up fake ones to
try to get 'em logged as legitimate bounces and inhibit future
delivery of certain messages to certain recipients. Is it
common/likely? No, but I don't want to be the first to experience it.
It's yet another place you wouldn't want to intentionally expose PII.
Hi Al,
IMHO, using VERP for a confirmed double-optin mailing lists can be
understandable, but in that case, the list itself is very specific.
But even then, a non VERP MAIL FROM is much preferable..
(eg Return-Path: <mailop-boun...@mailop.org> )
However many ESP's use VERP for all of their lists, with no
differentiation at all.
(eg Return-Path:
<bounce-mc.us11_46629041.710829-removal_request=me.linuxmagic....@mail53.suw15.mcsv.net>)
( eg Return-Path:
<bounce-mc.us4_17752707.723609-me=linuxmagic....@mail24.suw11.mcdlv.net> )
( eg Return-Path: <bounces+675589-311f-me=linuxmagic....@sendgrid.info )
And of course those one click 'marketing' spam engines that pop up on
VPS's all the time (Michael Kohl Handbags!)
(eg Return-Path: <bounce-7184-20039372-7828-...@nkdww.com>)
And since the direction most MTA's go is to reduce any form of 'bounce'
or backscatter, the idea of using the VERP to detect 'bounces' is
probably not as important as it once was, unless the emails are
forwarded or client side bounces)
I personally believe that verp_respo...@esp.com is 'not' what good ESP's
should be doing, they should clearly reflect whom they are sending for
in the MAIL FROM, whether that be distinctive domain representing whom
the emails are for, or even better the person that it is sending for.
When a large operator sends millions of emails all with the same VERP
style/pattern, it does a disservice.
Now, of course some (and not going to point out names here) ESP's
actually like the VERP method, because if they have ONE too big to block
company they represent, they can use that as an excuse to have companies
whitelist their @esp.com domain, allowing a higher delivery account for
all the other less clean lists and senders..
I think that transparency is important, and allows for the recipient to
make more informed choices as to the emails they want and don't want.
Of course, this is ONLY my personal opinion.. The world is not perfect,
but the ESP's who are sending with clear transparency are going to
enable their legitimate email to have a lot higher success rates.
Now..
To my next rant about banks who don't use transparent methods, or at
least SOMETHING related to their domain in their legitimate emails..
We save that for next week..
Have a good weekend all..
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
