On 14/09/2022 9:24 pm, Renaud Allard via mailop wrote:
On 9/14/22 10:57, Alessandro Vesely via mailop wrote:
* Stop blackholing.
That one is the absolute worst of the worst of the worst. Blackholing
is something that _MUST NOT_ be done, ever, for whatever reason. There
is never and has never been a good reason for blackholing. If you
don't like a mail, give it a 5XX error, never accept it. When you have
accepted a mail you MUST deliver it.
Even "spam folder" is a bad idea. If it's spam, reject it with 5XX.
You can never be sure people will look in the spam folder. And if they
do check it, why should it be there in the first place, email could as
well land in inbox, that's one less action to take to see your mails.
As much as I dislike quarantine, the reality is that the big players
aren't the ones who care when your important email is miscategorised as
spam.
Just this week it was only through the due-diligence of a local (New
Zealand) company that I didn't lose an in-service domain name... my
anti-spam platform was dutifully issuing 5xx 'this is spam' errors (and
refusing delivery) of domain validation requests coming from OpenSRS.
OpenSRS just kept trying, as if repeated attempts with the same
non-delivery result were somehow going to change the outcome. They
(OpenSRS) did nothing useful with the 5xx error and the consequence
would've been very disruptive for a service I have a strong interest in,
if the registrar had decided that I was unresponsive as a result and
suspended my service.
(I was first to create an explicit allow policy for the sender, and ask
my (local) vendor to initiate another attempt, which I then received).
No doubt OpenSRS deal with thousands of non-delivery notifications, and
don't feel like unpicking every single one. It's up to a Registrant to
be contactable via registered details, right? The consequence of getting
it wrong was very much mine, not theirs.
Yes my anti-spam vendor was miscategorising the email as spam, no doubt
due to poorly implemented automation reacting to 'this is spam' feedback
from people receiving unsolicited domain-related correspondence for
domains (perhaps not realising that doing so is creating new heuristics
that'll negatively impact anyone else consuming the same engines if they
get it wrong. But anti-spam measures are imperfect. Blindly expecting
5xx for all spam reports is not realistic IMO... quarantines and
spam-folders are a reasonable compromise that gives the end-user some
ability to influence the real-world consequences of getting it wrong.
Perhaps a good time to remind some mailing list participants that
there's more to the Internet than ATT, Verizon and Microsoft ;-)
Especially when we remember the Internet extends beyond North America.
From someone still valiantly running their own personal MTA, as a VPS,
and with a little help from third-party anti-spam tooling and mail relay
services on occasion. Generally successfully, and still strongly
disinclined to hand my email environment to an oligopoly operator. But
it's a near thing sometimes.
Mark.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
