Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Decentralised SMTP is for the greater good #27

poolpOrg opened this issue Dec 15, 2019 · 2 comments

Decentralised SMTP is for the greater good #27

poolpOrg opened this issue Dec 15, 2019 · 2 comments


Copy link

@poolpOrg poolpOrg commented Dec 15, 2019

No description provided.

@poolpOrg poolpOrg self-assigned this Dec 15, 2019

This comment has been minimized.

Copy link

@myfirstnameispaul myfirstnameispaul commented Dec 15, 2019

I generally don't see mention of the terribleness of blacklists plus ignoring domain owner instructions, but maybe this is a little off-topic from your posts thus far.

I recently had an issue when signing up for the Dovecot mailing list. Turns out their IPv6 address was blacklisted by Spamhaus (n.b., a German company). The Dovecot mailing list server admin informed me this was an ongoing problem and they had no way to resolve it with Spamhaus. The admin also stated that the server had never been used to send spam.

I'm going to trust Dovecot server admin over Spamhaus dark organization.

For my personal mail I have switched to Mail-in-a-Box (MiaB) after many years of rolling my own in Linux, so I filed an issue on their GitHub regarding tuning down the blacklist feature to auto-spam and I interpret from their response that they believe blacklists serve a higher purpose and who cares if some legitimate mail some place is blocked.

I also pointed out that MiaB ignores p=reject in DMARC. The reason I find this related is that p=reject is a request directly from the domain owner on what to do with mail from the domain. I understand that admins misconfigure DMARC, but how can the receiving admin know this? Misconfigurations are the problem of the domain owner, not receiving admins.

So I gather the following is true for current mail server admins:

  1. Dark organizations (blacklist managers) are granted complete authority over who can communicate with the mail server
  2. Domain owners cannot fully communicate what to do with email from their domains

Do you see this to be the problem I see it as being? It feels like domain owners and server admins have limited control over the things they are supposed to control.


This comment has been minimized.

Copy link
Owner Author

@poolpOrg poolpOrg commented Dec 16, 2019

Yes, I see third-party operated blacklists as a danger when the process to enter a blacklist is not automated on a pattern of behaviour and the process to exit the blacklist is not automated expiry.

A lot of people prefer to cut spam at all cost but I prefer to have a few false positives classified in my Spam folder than lose legitimate mail because a third-party operated blacklist messed up by adding a full range by mistake or for being over zealous.

My take is don't use third-party blacklist unless they aim specific targets and provide a very clear rule you agree with when it comes to defining how a target enters the blacklist and after how low it exists the blacklist.

Also, quite frankly, I don't use any blacklist and I don't receive that much spam :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.