On Thu, 10 Dec 2020 08:38:30 +1300, David Neil <Postfix@rangi.cloud> wrote:
> Evidently we share frustration.

This is an understatement :). Just seeing the subject of your original email made my blood pressure go all over the place.

> The 'silent drop' bothers me - the message author went to some trouble
> to write. Does (s)he deserve such treatment? Who takes responsibility
> for the 'damage' breaking the author-reader relationship? (personal or
> business)

I'm not sure what the "silent drop" is about... Some recipient server is set up to pretend-accept your emails when you are listed on that DNSBL? Because AFAIK the DNSBL, for all my negativity about them, do not mandate any special treatment in case of positive match. If the mail admin decided to trust that specific DNSBL and use pretend-accepts, I would suggest they do not show a habit of making sane configuration choices.

> The undeniable need is to stop the flow of garbage. Yes, I'm in-favor of
> that! So, it is justified (reading some of the BL outfits' notes) that
> fake-messages are not returned to unwitting email accounts, because it
> adds to traffic volume/nothing they can do/etc - or is it?

This would be backscatter spam I guess. The modern solution to this is SMTP-transaction-time rejection rather than bounces. It should not require pretend-accepts.

> We have to jump-through-hoops in order to build an email server that
> works responsibly. The SPF/DKIM/DMARC processes clearly link domain (if
> not account) and IP address. So, surely there is a clear difference
> between some 'bad actor' spoofing my email address and sending spam from
> his IP, and me sending 'legal' messages from my IPaddr?

Nobody is exempt from a compromised account or a compromised machine, so I do recognise a need beyond SPF/DKIM/DMARC. But not everybody has what it takes to be a good DNSBL, and not all DNSBL should be treated equally. Some are just in it way above their head in how clean they can keep their list of false positives and/or false negatives.

In my experience, recipients do not realise they are relying on such 3rd-parties they themselves have no control over. They do not have a contract with the DNSBL, so there is nothing to denounce, so it does not exist.

> Accordingly, why
> are such email 'control systems' not used to differentiate when it comes
> to providing (valuable!) feedback? eg Sorry dn, we have received this
> message from the correct SMTP-server, but that IPaddr appears in our
> black-list...

Sadly, in such an arms race details are ammunition. Giving them to the unauthenticated is letting them poke around to find the next weakness.

I would rather argue that accountable mail admins would be a huge gain: the recipient entity, if a legitimate email got lost, should review their mail filtering practices. Which means they must not be vulnerable to BOFH gaslighting them about what an acceptable filtering policy is, which requires technical literacy about emails beyond the direct admin. And I am happy to submit to this myself (then again, I'm in a small tech company which had sane email policies from way before I joined).

Then, complaints can follow the contract: sender can complain that recipient is losing their emails, which prevents them from fulfilling the contract. Recipient puts their email admin in relation with the unhappy sender, they are now not anonymous anymore, useful details get exchanged, the badmouthing DNSBL nobody has a contract with anyway is finally cast away, the cowboy gallops towards the setting sun, the end.

--
Vincent Pelletier