A Zero Spam Mail System [Feedback Request]

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Mon Feb 18 03:21:30 UTC 2019


On Mon, 18 Feb 2019 07:33:32 +0530, Viruthagiri Thirumavalavan said:
> My name is Viruthagiri Thirumavalavan. I'm the guy who proposed SMTP over
> TLS on Port 26

Unfortunately, your attempt there didn't demonstrate an in-depth knowledge of
the email ecology of the sort needed to *actually* solve the spam problem.

> Today I have something to show you.
>
> Long story short.... I solved the email spam problem. Well... Actually I
> solved it long time back. I'm just ready to disclose it today. Again...

So actually *disclose* it already, rather than whining about how you've been
treated.

And there's this telling statement:

> [Today's discussion is about whether I solved the spam problem. Not about how
> I'm gonna distribute the solution]

You apparently don't understand that how the solution gets distributed is a
very important part of whether the solution will work.

Bottom line: You hit most of the points in Vernon Schryver's FUSSP list, plus
an amazing number of points in John Baez's crackpot index. Not a good way to
start.

So because I'm needing some entertainment, I went to go check the Medium post.

> "Spammers have no idea what's going on INSIDE the email system. i.e. They
> have no idea whether their mail gets marked as spam or not."

Oh, you poor, poor uneducated person.  Spammers have a *very good* idea
of whether it was marked as spam.

> "Now, what if your first mail get rejected with an error message like "Unauthorized Sender"?
> Would you still write your follow-up mail? No, right?"

At which point you totally miss the point - for a spammer, the reasonable thing to do
is *send another mail with a different From: value*, in hopes of hitting one that's
an "authorized sender".

> "So when mails get rejected with an error message, spammers gonna remove your
> email address from their email list. That's because your email address is a
> dead end for them."

OK, I'm done here. We obviously have a total lack of understanding of the
problem space, and it's very unlikely that an actually correct solution will
arise from that.

Also, I'll offer you a totally free piece of technical advice: Those SAD
entries in the DNS that you're hoping to use to tie domains together are
trivially forgeable.

To save everybody else the effort:  As far as I can tell, he's re-invented plus
addressing, and says that if everybody creates mailboxes john.smith at example.com
for personal mail, and a john.smith+nanog at example.com for nanog mail, and
john.smith+my-bank at example.com for his bank emails, spam will apparently give
up in defeat

There's a whole bunch more, including assuming that Joe Sixpack *will* create a
separate address for each "transactional" piece of mail, that spammers won't
send mail that looks like personal mail, that spammers won't create bogus DNS
entries, and a few other whoppers...




More information about the NANOG mailing list