Hello, today we have spam filtering with IP/DNS blacklists (e.g. Spamhaus) and message content control (e.g. SpamAssassin). However, this is not enough.
In my case my email / name / address was revealed due to the Ledger hacking. Since then I receive a lot of spam, some crypto phishing, and more insidiously I got emails from « legit » mailing lists. I put legit in quotes because in my opinion they should ask you to confirm your subscription with an email confirmation link before they send their news. I don’t care about the content of those mailing lists, and it pollutes my inbox. I can unsubscribe but nothing is preventing some bot from subscribing my email again, so I ban them and today I have about 50 banning rules.

I was thinking about a better system, where I could receive unsolicited email only from humans and not from bots. So the system is to separate the email I give to humans « gael.lal...@gaellalire.fr » from the emails I will give to websites:
- « gael.lalire+lo1u0...@gaellalire.fr » for Amazon
- « gael.lalire+cxd9a...@gaellalire.fr » for Ledger

The human address (gael.lal...@gaellalire.fr) is supposed to be shared so I need to be sure that the user is a human. To do so the SMTP server should manage a list of emails which are human. First you populate this list with your address book and then each time you send a mail it adds each « to address » to this human list. If you receive a mail where the « from address » is in the human list, it will be accepted. If you receive a mail where the « from address » is not in the human list, it will be put on hold and a response email will be sent asking to prove that you are human (reCAPTCHA?). We need a mechanism to avoid an infinite loop between two servers having this configuration.

The plus-addresses (gael.lalire+lo1u0...@gaellalire.fr) are not supposed to be shared, so the SMTP server will not check if the user is a human; however it will check that the + key is authorized (here lo1u092v). If yes the email goes to the inbox, if not the email is rejected. To manage these authorized plus-addresses, I think we need a protocol so that password managers (Bitwarden, 1Password, …) can manage this list.

So let’s say that the password manager is generating a new plus-address; it will be possible for it to put an icon to put the plus-address in the authorized list or to remove it. I was thinking this button can send a mail to a predefined plus-address like « gael.lalire+authori...@gaellalire.fr »; the content will be signed with a private key. The SMTP server needs to manage emails sent to this predefined plus-address differently: no auth needed, add / remove from the + list only if the signature is valid and from an authorized public key, never send to the inbox. If at some point a website is hacked you can simply revoke the + key through your password manager, generate a new one, and authorize the new one (still through the password manager).

I’m pretty sure that what I described is not yet possible. But maybe some part of it is already possible; I would be happy to know what I can already put in place, and how. I would like that you make the evolutions to Postfix allowing this system, or a better one.

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
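Added example, not part of the original post and not Postfix's own code: a Python model of the proposed rules written as the decision logic of a Postfix SMTP access-policy service (the `check_policy_service` protocol: `name=value` lines terminated by a blank line, answered with `action=...`). It models the human-sender list learned from outgoing mail, the authorized plus-key list, and the control messages the password manager would send. Two things are assumptions rather than the post's design: the private-key signature on control messages is stood in for by an HMAC-SHA256 shared secret with a nonce replay guard, and the loop problem raised in the post is answered by sending challenges with the null envelope sender (as RFC 3834 recommends for automatic responses) and never challenging mail that itself arrives from the null sender. All addresses, keys and the secret are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

CONTROL_TAG = "control"  # assumed tag of the predefined control plus-address


def parse_policy_request(text):
    """Parse one Postfix policy request ("name=value" lines, blank line ends it)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def policy_response(action):
    """Format the reply Postfix expects from a policy service."""
    return f"action={action}\n\n"


@dataclass
class MailPolicy:
    domain: str
    human_senders: set = field(default_factory=set)   # seeded from the address book
    plus_keys: set = field(default_factory=set)       # tags authorized by the password manager
    control_secret: bytes = b""                       # stand-in for the authorized public key
    seen_nonces: set = field(default_factory=set)     # replay guard for control messages
    pending_challenges: list = field(default_factory=list)

    def learn_from_outgoing(self, recipients):
        """Every address the user writes to is treated as human from then on."""
        self.human_senders.update(r.lower() for r in recipients)

    @staticmethod
    def _split_recipient(recipient):
        local, _, domain = recipient.lower().rpartition("@")
        base, _, tag = local.partition("+")
        return base, tag, domain

    def decide(self, attrs):
        """Return the policy action for one RCPT-stage request."""
        sender = attrs.get("sender", "").lower()
        recipient = attrs.get("recipient", "").lower()
        _base, tag, domain = self._split_recipient(recipient)
        if domain != self.domain:
            return "DUNNO"                        # not our domain: other restrictions decide
        if tag == CONTROL_TAG:
            return "DUNNO"                        # verified after DATA by handle_control_message
        if tag:                                   # plus-address handed to a website
            return "DUNNO" if tag in self.plus_keys else "REJECT unknown plus-address key"
        if sender in self.human_senders:          # shared human address, known correspondent
            return "DUNNO"
        if sender == "":                          # bounce or auto-reply: hold, never challenge
            return "HOLD"
        # Unknown sender: hold the mail and queue a challenge.  The challenge uses the
        # null envelope sender, so a peer running this same policy holds it without
        # challenging back, which breaks the loop between two such servers.
        self.pending_challenges.append({"envelope_from": "", "to": sender})
        return "HOLD"

    def sign_control(self, nonce, command):
        """What the password manager would attach (HMAC here, assumed in place of a signature)."""
        payload = f"{nonce}:{command}".encode()
        return hmac.new(self.control_secret, payload, hashlib.sha256).hexdigest()

    def handle_control_message(self, body):
        """Body format (assumed): 'nonce:add KEY' or 'nonce:remove KEY', then the MAC on its own line."""
        try:
            payload, signature = body.strip().rsplit("\n", 1)
            nonce, command = payload.split(":", 1)
        except ValueError:
            return False
        expected = hmac.new(self.control_secret, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature.strip()):
            return False                          # bad or forged signature: ignore silently
        if nonce in self.seen_nonces:
            return False                          # replayed control message
        self.seen_nonces.add(nonce)
        verb, _, key = command.partition(" ")
        if verb == "add" and key:
            self.plus_keys.add(key)
        elif verb == "remove" and key:
            self.plus_keys.discard(key)
        else:
            return False
        return True


if __name__ == "__main__":
    # Constructed demo values.
    policy = MailPolicy(domain="example.org", control_secret=b"constructed-shared-secret")
    policy.learn_from_outgoing(["alice@example.com"])
    policy.handle_control_message("1:add k7f3q2\n" + policy.sign_control("1", "add k7f3q2"))
    req = "request=smtpd_access_policy\nprotocol_state=RCPT\nsender=news@shop.test\nrecipient=gael+k7f3q2@example.org\n\n"
    print(policy_response(policy.decide(parse_policy_request(req))), end="")
```

The policy service only sees envelope data, so the control message is verified after DATA (for example from a content filter), and a rejected or replayed control message is dropped without reply, which keeps the control address from becoming another way to provoke automatic mail.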