[imp] Various meaningful IMP default settings

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Mon Dec 22 17:23:26 UTC 2014


Quoting Daniel Vollbrecht <d.vollbrecht at scram.de>:

> On 16.12.14 at 21:28, lst_hoe02 at kwsoft.de wrote:
>> People who are able to take care of the real mail address are normally aware
>> that the mail address is as easy to spoof as the real name. Without
>> digital signatures you can not really trust a mail address at all. You
>> have to verify by content then or by sideband, e.g. call the sender by phone.
>
> Fully agree, but it is no plausible argument when it comes to a  
> reason for just hiding it away. Especially as every mail client is  
> able to show the From: email address which I consider as industry  
> standard.
>
>> Nearly all Spams arriving by the big spam farms with throw-away domains
>> are perfectly DKIM signed, so no, it is not a problem of "hacked"
>
> How do you know what kind of spam I get? ;-)
>
>> accounts. If you still got spam *without* DKIM signature you should use
>> greylisting to keep away the dumb spam-bots as they are the only ones
>
> We deploy everything: grey-, black-, whitelisting, content filter  
> etc. Fortunately, the ham/spam ratio is multiple dimensions of the  
> ratio just a few years ago – same deployed mechanisms. Back then,  
> there were 10k's of spam for one ham message, now it's just a few  
> spams.
>
> I still see around 40 % of non-DKIMed spam on the servers. If you  
> have a solution to eliminate that, I would be glad to know.
>
> And your explanation lacks a major point: If spammers can deploy a  
> nontrivial mechanism like DKIM, then they easily can circumvent  
> greylisting - just send it again after 300 seconds. The latter costs  
> much less than having a proper DKIM setup, especially since they use  
> bot nets and cheap virtual nodes at a large scale.

That's the whole point. The spam-farms are in fact real MTAs which are
able to retry *and* to do DKIM signing. Spam-bots don't do both and
fail greylisting anyway. That's why the spam reaching the inbox is
perfectly DKIM signed and therefore I will not teach our users to rely
on it.

>> not using DKIM. And no, content based filtering is not an option for
>> people who actually care about email.
>
> Do you just use greylisting and no further server side filtering?  
> All just by mailbox individual learning algorithms?
>
> I claim to actually care about email *and* use content filtering. I  
> only had one false positive in many years which would have been a  
> very grave issue if not read. Fortunately, it is easy to regularly  
> have a look into the spam folder. Nothing gets deleted. Saves a lot  
> of time and once a week (or month at the moment is sufficient) a  
> quick look into 'spam' does the job.

It is fine that you do but most average mail users never have a look
in a spam folder. We have seen too many e-mails ditched in some spam
folder and ceased to work with suppliers which cannot be reliably
reached by mail. Mail should be transactional as it is designed. No
error means the recipient has the mail in the inbox, not in some spam
folder.

> And if you care about email, you should know that greylisting might  
> also be fault-prone. Just have a look at the whitelist that comes  
> with postgrey, there are lines like 'no retry, reported by' en  
> masse. Even some reported fairly recent in 2011.

If the sender doesn't get at least an error message the sending server
is FUBAR and no one can expect it to deliver mail.

But that's all way OT and my last comment on this.

Regards

Andreas
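
The greylisting behaviour argued about in this thread, as an added example that is not part of the original message or of any software mentioned in it: a minimal triplet greylist with the 300-second delay quoted above, run over constructed senders to show that whether a message gets through depends on retrying, not on carrying a DKIM signature. All names, addresses and sender profiles are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300  # seconds; the retry interval quoted in the thread


@dataclass
class Greylist:
    """Minimal greylist keyed on (client IP, envelope sender, recipient)."""
    min_delay: int = MIN_DELAY
    first_seen: dict = field(default_factory=dict)

    def check(self, client_ip, sender, recipient, now):
        """Return an SMTP-style verdict for one delivery attempt at time `now`."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.setdefault(triplet, now)  # remember first contact
        if now - seen >= self.min_delay:
            return "250 accepted"
        return "451 deferred"  # temporary failure: a real MTA queues and retries


# Constructed sender profiles (documentation IPs/domains, not real traffic).
# `attempts` are the times in seconds at which the sender tries delivery.
SENDERS = [
    {"name": "spam-bot",  "ip": "192.0.2.10",   "dkim": False, "attempts": [0]},
    {"name": "spam-farm", "ip": "198.51.100.7", "dkim": True,  "attempts": [0, 120, 300]},
    {"name": "legit-mta", "ip": "203.0.113.25", "dkim": False, "attempts": [0, 900]},
]


def verdicts(sender, policy):
    """Verdict for every attempt one sender makes to the same recipient."""
    return [
        policy.check(sender["ip"], f"x@{sender['name']}.example", "user@example.org", t)
        for t in sender["attempts"]
    ]


def inbox(senders):
    """Names and DKIM status of senders whose message was eventually accepted."""
    policy = Greylist()
    return [
        (s["name"], s["dkim"])
        for s in senders
        if "250 accepted" in verdicts(s, policy)
    ]


if __name__ == "__main__":
    for name, dkim in inbox(SENDERS):
        print(f"{name}: delivered, dkim_signed={dkim}")
```
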



