logoalt Hacker News

Animatstoday at 12:10 AM3 repliesview on HN

Questions:

- How much infrastructure has to be fixed before this works, and in what order?

- Can you send mail from something that doesn't have a DNS entry? How does this affect the first hop from a desktop or mobile SMTP client?

- If an spam email came via SendGrid, Constant Spammer, or MailChump, are you going to be able to tell from the header signatures?

- If your headers are correct, are you guaranteed mail bounces for un-deliverable emails?


Replies

edelbittertoday at 1:01 AM

> Can you send mail from something that doesn't have a DNS entry?

You never really could. Participating in public email exchange requires that the sender can resolve then "fully qualified" domain in your return address. Except after prior agreement or authentication, messages simply that fail this are not generally accepted.

> If your headers are correct, are you guaranteed mail bounces for un-deliverable emails?

Even better: You are more likely to see an immediate refusal instead of a delayed bounce, if the recipient exchange can during transmission already determine that they do not want message claiming to be originally transmitted from X to Y yet breaking their ability to check the signature added by X.

show 1 reply
bawolfftoday at 1:49 AM

> If an spam email came via SendGrid, Constant Spammer, or MailChump, are you going to be able to tell from the header signatures?

Couldn't you always tell this from headers? At the very least the recieved headers are going to be a give away.

zbentleytoday at 12:39 AM

> Can you send mail from something that doesn't have a DNS entry?

I hope not. Just like SSL, I think requiring a registrar+DNS server to vouch for a durable identity is an important barrier to abuse (and an important intervention point for violation reports).