02 July 2004
Losing Faith in Email
I used to insist that email was the best way to communicate with me, and I still do for the most part. I hate being on the telephone, because it doesn't allow me to time shift comprehending and responding to whatever the person on the other side requests -- I have to do it on their schedule, not mine.
Unfortunately, I've slowly been slipping into the mindset of disregarding email for anything important due to the spam problem. As I have no other preferred form of communication for passing important messages and making important plans, I've just stopped doing anything that requires any reliability.
As everyone has experienced, the spam problem is that you completely lose any meaningful email in the glut of garbage. It's a wonder anybody finds anything.
Providers Deal with Spam
In an attempt to make email usable again and conserve resources (disk, bandwidth, etc), many email providers started blocking hosts they knew were sending or relaying spam. It's too much of a job for each host to maintain their own lists, so they build shared black lists of spamming hosts, and this forces legitimate email hosts who want to send real email to clean up their acts to get their names off the list. Another tactic for dealing with the mass of spam hosts is to block entire network subnets.
That brings me to my problem. I'm not a spammer, but I sit on Comcast's network, so some hosts block my email, since it comes from this network. To ensure my email gets out, I had to tell my sendmail to send everything out through Comcast's relay (my SMARTHOST). Using my mailertable, I could make exceptions to the SMARTHOST on a per-host basis. This allows me to be an MX host for another host.
Relaying and DSN
The spammers have continued to get more sophisticated (hence degrading email even more) by checking MX records and sending email directly to those machines, knowing that relays will eventually try to forward the message along. The relay accepts it and tries to forward it along, and when it bounces off the intended host (for being to an unknown user, being known spam, etc), the relay (my machine) generates a Delivery Status Notification (DSN) to the originating account which never exists either. The DSN sits there in the queue trying to be sent for however long the host is configured to queue messages. Some of us have seen the piles and piles of DSN mail in our mail queues.
To complicate the problem in MY case. I'm using my smarthost to try to send all these DSNs. I effectively flood Comcast's mail host until it stops talking to me for a bit (effectively rate limiting me.) My legitimate outgoing mail now gets stuck as well, since my smarthost won't send anything. Spam is not only slowing my incoming mail but also my outgoing mail! I'm not sure what to do to eliminate the DSNs. I've read that fake DSNs should not be sent by user agents because it's just clutter and wasted bandwidth, but I'm seeing that real DSNs are similarly wasted bandwidth when spam senders never exist.
I'd like to figure out how to get sendmail to not generate DSN for relayed mail, but I haven't found it yet. I'm toying with a script to grep out mail in the queue from MAILER-DAEMON, and just outright delete it from the queue, since it most likely will never get anywhere when it's failed once.
As they've turned our mail servers against us, they also work to turn our client-side Bayesian filters to do bad things as well. By embeding gobs of legitimate sounding literature or whatever into hidden parts of spam emails, they confuse our filters into thinking these words are commonly part of spam, and our filters start deleting email we actually want to see.
On the other side, anyone sending me HTML email probably ends up deleted. This could be my bank, credit card companies, ebay, whatever. This is what's led me to expect my bank to just call me, not email me when they need important things. (Hell, postal mail suffers the same thing. I throw so much of it away, because I can't tell -- it all says "Important information enclosed". I figure they'll just call if it really matters, and I'll send them to voicemail, because I never answer the phone either. ;) )
So, there's no way to reliably contact me. I generally ignore people in the street yelling too, so if you want to contact me, put it in your blog or something, because who knows if and when I'll find any other correspondence.