Am 07.07.24 um 14:54 schrieb Alessandro Vesely via mailop:
(a bit of understandable ranting)
Is that anyhow related to democracy?
No. But mail interoperation isn't govered by democracy.
Idealized history: Initially (when there were a few dozen mailhosts), there was mutual understanding that each host
could send mail to each other, and that mail host operators had a responsibility for keeping it working and non-abusive.
That time is long gone. Many mail host operators (small and huge) don't assume responsibility for the spam mail their
hosts are sending, and in response many operators don't assume responsibility for accepting mail and delivering it to
their users if there's some (well-founded or ill-founded) reason to suspect that it may be spam.
My personal suspicion is that this is to a good part caused by the ease with which mail host operators can hide behind
anonymized or fake domain registration, RIRs which are very reluctant to disconnect persistent abusers, big corporation
bureaucracies, etc. As a result, spam needs to be rejected when it tries to enter your system, and if you can't identify
the actual source of spam and block them precisely, you'll categorize mail sources by other criteria such as size,
location, etc., which may be statistically valid but prone to false positives.
I don't have an easy solution. DNS blocklists have long tried to publish sources of spam so that they can be blocked
selectively, but apparently the large operations prefer to apply their home brewed solutions, maybe because their
experience with the total effectiveness of the blocklist-based approaches isn't so good, or maybe because they believe
they can do better? I don't know.
I believe (and have good empirical reasons to believe) that quick blocking of identified spam sources, identification
and blocking of network resources persistently utilized by spammers helps to keep a lot of spam out of my user's
inboxes, so I can understand that big operators do that. Of course, I acknowledge that I'm not perfect and need to
correct occasional classification mistakes, so we also have a reliable method for acting on reports of false positives,
and apparently this is an area where the big players would need some more enthusiasm. I don't know how this can be
scaled from our small operation (about 400 domains with a couple thousand e-mail addresses) to big operations, but with
some automation and some staffing this should be doable (I'm doing this as a volunteer spending some hours per week, a
full-time team should be able to handle a significantly higher volume).
Cheers,
Hans-Martin
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
