On 2020-10-30 08:25, Marcel Becker via mailop wrote:
On Fri, Oct 30, 2020 at 1:11 AM Atro Tossavainen via mailop <mailop@mailop.org> wrote:

    Why does Google bounce after accepting a message? At Google's scale,
    the potential to become the world's biggest spammer simply through
    backscatter is enormous.


What do you prefer they do with that email if they determined it's malicious only after they accepted it?

A: Dropping it: Folks will complain about them "behaving like Microsoft"

B: Send it to the user (even spam folder): Users are not necessarily smart, they interact with phish mail in the spam folder; compromised accounts or worse

C: Bounce it back: It's legally the right thing to do, it's the right thing to do to protect consumers. Senders get annoyed.

I know what I'd do.

The problem isn't annoying actual senders, the problem is annoying me when I am not a sender or recipient, and instead am completely uninvolved in the transaction. There are other options.


D: Process and return real-time accept/fail after DATA when possible. When inadequate resources have been provisioned to keep up with load, note the hash of the item (attachment, message, whatever) and temp-fail it. If the hash is already on the list, send a temp-fail to the sender but queue it for scanning. Eventually the decision will be made and stored so that when the sender retries the message can be properly accepted/rejected at SMTP time.


E: Provision adequate resources to serve your customer base.


F: Stop accepting new customers until adequate resources have been provisioned.


G: Refuse to accept messages where the decision cannot be made immediately if there isn't valid SPF/DKIM validation of the bounce address. The rejection message can indicate that SPF/DKIM validation is required for this type of message. Combine this with D (only temp-fail if the sender cannot be validated, otherwise accept and queue).


There are still edge-cases, especially when there are multiple RCPT-TO addresses with different configuration but the information needed to make the decision isn't available until after the DATA command, or when the messages are queued for delivery to a customer's server... But things could be better.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
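
Options D and G from the message above, sketched as a decision made at the end of DATA. This is an added example, not code from the original post; the class and method names, the reply strings, and the choice of SHA-256 over the bytes received in DATA are assumptions.

```python
import hashlib

ACCEPT = "250 2.0.0 OK"
TEMPFAIL = "451 4.7.1 Content check pending, retry later"
REJECT = "550 5.7.1 Message rejected by content policy"


def digest_of(message):
    """Hash the bytes the sender transmitted in DATA, so a retry hashes the same."""
    return hashlib.sha256(message).hexdigest()


class DeferredScanGate:
    """Post-DATA decision combining options D and G (hypothetical names)."""

    def __init__(self):
        self.verdicts = {}    # digest -> True if malicious (stored decisions)
        self.seen = set()     # digests noted on first sighting
        self.scan_queue = {}  # digest -> message bytes awaiting a scan

    def after_data(self, message, sender_validated, realtime_verdict=None):
        """Return the SMTP reply for this delivery attempt.

        realtime_verdict is True/False when the scanner answered in time,
        or None when it could not keep up with load.
        """
        digest = digest_of(message)
        if realtime_verdict is not None:
            self.verdicts[digest] = realtime_verdict
        if digest in self.verdicts:
            # Decision known: answer inside the SMTP session, no bounce needed.
            return REJECT if self.verdicts[digest] else ACCEPT
        if sender_validated:
            # G: bounce address passed SPF/DKIM, so accept and scan later.
            self.scan_queue[digest] = message
            return ACCEPT
        if digest in self.seen:
            # D: retry of a noted item, temp-fail again but queue it for scanning.
            self.scan_queue[digest] = message
        else:
            # D: first sighting, note the hash and temp-fail.
            self.seen.add(digest)
        return TEMPFAIL

    def complete_scan(self, digest, malicious):
        """Store the scanner's decision so the next retry is answered in-session."""
        self.scan_queue.pop(digest, None)
        self.verdicts[digest] = malicious
```

An unvalidated sender whose message cannot be scanned in time gets a 451 on the first two attempts and a final 250 or 550 once `complete_scan` has stored the verdict, so no bounce is generated after acceptance for that case.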
