[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] Stanford disliking my emails -- update + question

From: Ken Hornstein
Subject: Re: [Nmh-workers] Stanford disliking my emails -- update + question
Date: Wed, 22 Apr 2015 23:22:27 -0400

>I think you read that a little differently than I intended - I didn't mean to
>imply that this would be free (just included in whatever else you get) though
>it sometimes is (I suspect that's rare) - they're businesses, and will seek a
>profit from whatever avenue they can, which is reasonable - most often there
>will be some additional charge, but often (from the commercial pay for use
>providers, as distinct from google etc. who raise revenue other ways) this
>is a service they offer - why wouldn't they - it costs them almost nothing,
>and they can charge for it.

Fair enough ... but again, my two examples (Verizon and pobox.com) don't
include it in their service they provide to me that I pay for.  But that
doesn't really get to my larger point - every other MUA manages to send
email fine, without requiring your own domain.  It seems backwards to
tell nmh users this is the preferred solution.

>  | Secondly ... I will note that I believe no other MUA lets you explicitly
>  | configure the hostname for the SMTP HELO/EHLO messages.
>SMTP HELO (or EHLO) isn't the most important use, nor are Received headers,
>though they're more relevant, the one that matters most is the Message-ID.
>To be correct, that needs a valid FQDN.

That ... is not my reading of RFC 5322, ยง3.6.4.  It just has to be unique.
Yes, a FQDN is RECOMMENDED, but not required.  And our default configuration
is to not add a Message-ID at all; we just let the MTA we submit email to
take care of it (which seems more robust to me).  Yes, I know there are
people out there who want complete control over their Message-ID; we
support that, but I feel if you're the kind of person who does that then
you have the responsibility to make sure your hostname is configured
properly (or use -messageid random).

>Your message uses a pobox.com
>domain there - that's fine, but for people sending via meshanisms that
>don't add a message id, where we have nmh add one, or a locat MTA, then
>a domain name really is a requirement.   And it's easy (you don't have to have
>it set up to do anything useful - it doesn't need to be able to receive
>e-mail, or generate IP addresses, oe anything like that.)

Well, it's "easy" as long as you want to pay for it.  Which, again, pretty
much every other MUA out there manages to do this without a problem.

>  | Thirdly ... I think it's ridiculous that Stanford's anti-spam rules
>  | trawl through Received headers (which are defined as being free-form)
>Actually, they're not, they have a fairly strict format (with lots of
>options, true) - but that's not really the point.  The real issue is that
>spammers tend to put in a chain of bogus Received headers in messages they
>send in a rather lame attempt to hide the true origin of the message.

Fair enough, I was wrong about that ... although, really, RFC 5321 says
you can't count on them to have any format, but like you said, not really
relevant here.  My key point was that Bob's message was validated by
gmail's DKIM rules; that only happens if you authenticated to gmail to
submit the message.  If that happens, you shouldn't need to check the
Received headers for bogus stuff.

>Detecting that series of bogus Received headers is one way to determine that
>a message is probably spam - it is not at all a useless technique (your
>"most windows users" MUAs don't tend to add Received headers at all - and
>nor should they - nor does nmh, which it also shouldn't - but if you deliver 
>via a local sendmail/postfix/exim/... which I personally believe is the
>best way to config nmh, then it will (and should) and you need a domain name
>for that.

I know we're never going to agree on the best way to configure mail
submission, but you have admitted in the past that your have an unusual
amount of control over your local domain, to a degree that I think
very few people have nowadays.  Also, you've been around long enough
that you probably remember having to deal with sendmail.cf directly
rather than having it generated by m4 templates.  For you, registering
a domain isn't a big deal because you did that already and of course
sendmail configuration is easy.  But ... for the person who has a more
traditional setup (e.g., has a residential ISP and submits to gmail),
making that a requirement is overkill, and like I said earlier if they
have to ASK how to configure sendmail here then they shouldn't be using
it.  Their world will be easier if they submit email like everyone else
does (and really, if they're at that level of sophistication then they
won't get any of the advantages of having their own domain).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]