On Thu, Dec 28, 2023 at 11:46:05PM +0100, Kirill A. Korinsky wrote:
If a filter (or the intermediate DNS layer) returns an error we are in
limbo. If we accept the mail, but it's listed we're probably delivering
spam; if we reject the mail we're very likely to drop legit mail. Both
are undesirable. Failing the message asking to try again later seems the
safest option to me.

I see your point.

My point: a user may be waiting for messages and be very nervous if they are
delayed for a while.

An important message means something like a ticket for a train in 5-15 minutes
or something like that.

And here DNS seems like a single point of failure.

Sure, but if I'm in a hurry and need a ticket I'm not going to rely on
mail anyway. Either I'm going to buy it at the door, or I hope they have
an option to download the ticket from the browser (which most of the
ticket purchases I make have an option for). Only as a last resort I'm
going to rely on mail and just hope that everything works as it should.

Well, this is an example from the last week :)

If I haven't opened the DB application for a while, more than a month, it misses
the update of the so-called Deutschlandticket, and I wait for the email with the
approval code to re-download it to the application.

I know that is an edge case, but DNS failure is also an edge case.

The intersection of "time-sensitive mail" and "failing DNS/dns-bl" might
be an edge case, but time-sensitive mail is not. And DNS fails
(somewhere) all the time.

I see more and more services relying on time-sensitive mail. For example
as a 2FA, to activate an account, reset password-links, or even just to
log in to an account ("magic links"). I believe time-sensitive mail is a
thing a lot of both people and services have come to rely on.

The purpose of filter-dnsbl might be to stop spam, but the purpose of my
mail-setup as a whole is to deliver mail. It is much more important to
me that ham passes (and does so in a timely manner), than spam being
blocked. Therefore, it seems more sensible to me to deliver the mail in
the case of an error.

Not receiving mail for a few days, just because some dns-bl I use has a
problem, seems pretty disastrous to me. Even if we ignore time-sensitive
mail, a lot of mail would be lost. Yes, properly configured mail-servers
are supposed to retry for some time, but *a lot* of servers are *not*
properly configured (especially so with programs and services that send
mail directly, not using an MTA).

On the other hand, receiving a lot of spam for a few days - while some
dns-bl I use has a problem - seems like a pretty manageable problem.
Especially if the messages were tagged with something like "X-Spam:
Unknown" (in which case a true spam-hater could just redirect everything
to Junk instead of their inbox - which seems preferable to not receiving
the mail, even if you *really* hate spam). Also, suddenly receiving a
lot of spam might make you notice the error a lot faster, which is nice
in case you have to do something :)

--
mvh
Dennis Eriksen
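
The two error policies argued in this thread, side by side, as an added example (not code from filter-dnsbl or from any poster): a DNSBL lookup has three outcomes, and only the error case differs between "tempfail" and "accept and tag". The zone `dnsbl.example`, the SMTP reply texts and all function names are assumptions; `X-Spam: Unknown` is the tag suggested in the message above.

```python
import ipaddress
import socket

LISTED, NOT_LISTED, ERROR = "listed", "not-listed", "error"

def dnsbl_name(ip, zone):
    """Query name for an IPv4 client: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(ip, zone, resolve=socket.gethostbyname):
    """Only a definite 'no such name' counts as not listed."""
    try:
        resolve(dnsbl_name(ip, zone))
        return LISTED  # simplification: any A record means listed
    except OSError as exc:
        if isinstance(exc, socket.gaierror) and exc.errno == socket.EAI_NONAME:
            return NOT_LISTED
        return ERROR  # timeout, SERVFAIL, resolver unreachable

def decide(result, on_error="tempfail"):
    """Return (action, smtp_reply, added_header) for one lookup result."""
    if result == LISTED:
        return ("reject", "550 listed in DNSBL", None)
    if result == NOT_LISTED:
        return ("accept", None, None)
    if on_error == "accept":
        # Fail open, but tag the message so it can be filed to Junk.
        return ("accept", None, "X-Spam: Unknown")
    return ("tempfail", "451 DNSBL lookup failed, try again later", None)

def fake_resolver(answers):
    """Constructed stand-in for DNS: query name -> address or exception."""
    def resolve(name):
        value = answers[name]
        if isinstance(value, Exception):
            raise value
        return value
    return resolve

# Constructed sample data; dnsbl.example is a placeholder zone.
SAMPLE = fake_resolver({
    "2.0.0.127.dnsbl.example": "127.0.0.2",
    "10.113.0.203.dnsbl.example": socket.gaierror(socket.EAI_NONAME, "no such name"),
    "7.100.51.198.dnsbl.example": socket.gaierror(socket.EAI_AGAIN, "try again"),
})
```

Treating every resolver failure as "not listed" would silently turn an outage into fail-open without the tag, which is why the error case is kept separate from the negative answer.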
