Re: Sender verification

Top Page
Delete this message
Reply to this message
Author: Dr. Rich Artym
Date:  
To: exim-users
Subject: Re: Sender verification
In message <5m7obc$2h9@???>, T. William Wells writes:

> Long gone are the days where "be conservative in what you send, be
> liberal in what you accept" might work on the Internet. Nowadays,
> the policy pretty much has to be "be conservative in what you
> send, be a hard-nosed bastard about conformance to standards in
> what you accept". Thus, I have sender_verify turned on in my exim
> configs....


That's counterproductive. You just force spammers and those seeking
anonymity to spoof valid addresses, and thereby make it *more* difficult
for users to block them if they wish. Conformance with standards is a
very worthy goal, but spammers can conform by giving their mail a sender
address of postmaster@??? or some such. It should be fairly
apparent that RFC compliance is not a strong anti-spamming measure.

> : On this list, the issue should
> : be not how the developer or administrator feels about spam, but how we
> : can make Exim implement each ****END USER'S**** spam-filtering wishes.
>
> Yeah sure. *You* run an ISP for awhile. The end users don't give a
> damn. They want the spam *out* of their mailboxes and they don't
> much care how it happens. By and large, users don't know how to,
> don't want to know how to, and rely on their admins to have the
> "know how", to set up spam blocks.


I do run an ISP, one of the biggest in the country, but I don't presume
that my judgements are universal truths, and I don't place all end users
into a single pigeon hole and make generalizations about them. There's
no harm in global defaults if you allow individuals to override them,
but to do the former without doing anything to allow the latter leaves
us open to accusations of facism. At the moment we may not have very
good tools for providing users with individual control so broad strokes
are perhaps understandable, but we should at least be trying to develop
more powerful mechanisms that empower people, not just administrators.

> That needs to be the focus, not some unrealizable fantasy of user
> control over spam.


Not everyone is as unambitious as that. Those of us that are software
developers could easily design a variety of mechanisms that would offer
end users anywhere from minimal to total control over incoming mail, if
we put our minds and time to it. And those without softeng skills can
easily contribute to the wishlist and offer more general input, so, far
from being a fantasy, the prospects for full user control are good.

And just as well, too. Those seeking to impose global spam filters
seem to forget that their centralist approach isn't scalable to an
Internet environment of millions of spam sources and billions of end
users: it would require an army of support staff at every ISP to
adapt on a daily basis to the ever-changing variety of spam. Further-
more, no central measure could possibly satisfy more than a fraction
of one's customers. We're heading into a networked world where 1% of
one's customer base might constitute 1 million people, and it's quite
inappropriate to ignore their wishes. The only tenable answer is to
satisfy *all* of your customers and simultaneously minimize your own
support costs by providing the end user with his own administrative
control. By all means provide defaults, but centralist control just
doesn't scale viably on the exponential curve of Internet growth.

Rich.
--
###########  Dr. Rich Artym  ================  PGP public key available
# galacta #  Email   : rich@???         158.152.156.137
# ->demon #  Web     : http://www.galacta.demon.co.uk  - temp page only
# ->ampr  #  AMPR    : rich@g7exm[.uk].ampr.org 44.131.164.1 BBS:GB7MSW
# ->NTS   #  Fun     : Unix, X, TCP/IP, kernel, O-O, C++, SoftEng, Nano
###########  More fun: Regional IP Coordinator Hertfordshire + N.London