Decentralised SMTP is for the greater good · poolp.org

[poolpOrg]

[myfirstnameispaul]

I generally don't see mention of the terribleness of blacklists plus ignoring domain owner instructions, but maybe this is a little off-topic from your posts thus far.

I recently had an issue when signing up for the Dovecot mailing list. Turns out their IPv6 address was blacklisted by Spamhaus (n.b., a German company). The Dovecot mailing list server admin informed me this was an ongoing problem and they had no way to resolve it with Spamhaus. The admin also stated that the server had never been used to send spam.

I'm going to trust Dovecot server admin over Spamhaus dark organization.

For my personal mail I have switched to Mail-in-a-Box (MiaB) after many years of rolling my own in Linux, so I filed an issue on their GitHub regarding tuning down the blacklist feature to auto-spam and I interpret from their response that they believe blacklists serve a higher purpose and who cares if some legitimate mail some place is blocked.

I also pointed out that MiaB ignores p=reject in DMARC. The reason I find this related is that p=reject is a request directly from the domain owner on what to do with mail from the domain. I understand that admins misconfigure DMARC, but how can the receiving admin know this? Misconfigurations are the problem of the domain owner, not receiving admins.

So I gather the following is true for current mail server admins:

1. Dark organizations (blacklist managers) are granted complete authority over who can communicate with the mail server
2. Domain owners cannot fully communicate what to do with email from their domains

Do you see this to be the problem I see it as being? It feels like domain owners and server admins have limited control over the things they are supposed to control.

[poolpOrg]

Yes, I see third-party operated blacklists as a danger when the process to enter a blacklist is not automated on a pattern of behaviour and the process to exit the blacklist is not automated expiry.

A lot of people prefer to cut spam at all cost but I prefer to have a few false positives classified in my Spam folder than lose legitimate mail because a third-party operated blacklist messed up by adding a full range by mistake or for being over zealous.

My take is don't use third-party blacklist unless they aim specific targets and provide a very clear rule you agree with when it comes to defining how a target enters the blacklist and after how low it exists the blacklist.

Also, quite frankly, I don't use any blacklist and I don't receive that much spam :-)

[bekopharm]

This is a good read about SMTP and why it’s a bad idea to roll with the big 5:

https://poolp.org/posts/2019-12-15/decentralised-smtp-is-for-the-greater-good/

We’re currently at a point where it is even difficult to run your own mailserver because small mailservers tend to end up on some blocklist thanks to “bad neighbourhood”. That’d be ips “next” to you. Getting removed again – even for no reason – is a PITA, because there is no unified way of doing so. Happened again and again and while the big 5 won’t bother blocking entire ranges most of the spam bouncing of my own mailserver is indeed from the big mailserves themself. So nowadays I simply stopped caring at all.

My advice for affected people is the same: Use a smaller provider or even run your own. Do not use the mailservices of the big companies. It’s not that hard. Even a consumer NAS can do it.

Originally replied at: https://beko.famkos.net/t/Db2