Email is not a real-time communication medium
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 11:49 AM
 
There are people where I have been working that have gotten themselves into trouble relying on email for time sensitive, mission critical notifications. The temptation is high considering that mail seems to be sent and received instantly the vast majority of the time to think of it this way, but it is not, and never will be.

I'm certain that with all of these Push technologies coming out that the temptation is even higher. If you are thinking "ahhh, I can use push email as a means to page me", think again. There are simply too many points of failure to rely on this, regardless of whether Apple improves the reliability of their service. What you had before was a set of near real-time communication protocols, and what you have now is simply an improvement on this design for this purpose.

If you need to be notified about certain things immediately, it is better to rely on a paging service, or an instant message, or perhaps SMS if you trust your cellphone service. Is it possible to leave your iPhone 3G service constantly connected to an IM network? Does it drain the battery a great deal?
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jul 13, 2008, 12:00 PM
 
I f***g hate when people send emails as urgent, but are too lazy to pick up the phone.

Can't stand it.

If it's urgent, come and see me or give me a call, I don't check email constantly.

-t
     
Posting Junkie
Join Date: Mar 2001
Location: Salamanca, España
Status: Offline
Jul 13, 2008, 12:03 PM
 
I find email to be acceptable as a medium to reach people within a 24 hour timeframe. The absolute vast majority of email users check their mail once a day.

Even so, I never rely on email for important things. I just don't trust it to deliver 100% of the time. Neither can I trust SMS or MMS. I've sent messages that never arrived or arrived days later.

Mission critical stuff means picking up the phone and talking.
I could take Sean Connery in a fight... I could definitely take him.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 12:09 PM
 
voodoo: yes, although there are some paging services that are *very* reliable. We rely on a local paging service for our enterprise, and I don't think we've really had an incident with it over the course of many years. While there are certainly things that can go wrong with it, in theory there are far, far fewer points of failure. If this wasn't the case, a better solution would be to find a better paging service than to go back to email, which is flawed by design for this need.

Also, the problem with relying on the phone is that many of us rely on cellphones, which are much less reliable than a pager, at least around here...
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jul 13, 2008, 12:24 PM
 
Originally Posted by besson3c View Post
Also, the problem with relying on the phone is that many of us rely on cellphones, which are much less reliable than a pager, at least around here...
That's a matter of definition. IMO, cell phones are MORE reliable (from a practical perspective), because I get immediate feedback.

I.e., if I reach somebody, I KNOW he got the message, if I don't, I KNOW HE DIDN'T.

With pagers, email, SMS etc, you never know for sure if the message arrived until you get feedback. But the lack of feedback has too many possible reasons.

-t
     
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status: Offline
Jul 13, 2008, 12:31 PM
 
Originally Posted by besson3c View Post
Is it possible to leave your iPhone 3G service constantly connected to an IM network? Does it drain the battery a great deal?
I assumed the AIM client uses Apple's Push Notification Service... perhaps too bold an assumption.

I like push email because it's platform independent without the limitations of SMS.
     
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Jul 13, 2008, 01:22 PM
 
Email is awesome. I can just ignore it when I want to ignore it.



P.S. As you might have guessed, I NEVER use instant messaging...

P.P.S. I do have both a pager and a cell phone, but I never give my cell phone number to work people unless I absolutely have to for specific situations (it's not in the public directory), and I turn off my pager if I'm off-hours.
     
Posting Junkie
Join Date: Jan 2006
Location: Seattle, Washington
Status: Offline
Jul 13, 2008, 01:25 PM
 
Yeah I know what you're talking about besson. What I hate is when you're on vacation and people expect you to reply to emails. And I've once had someone get upset that I took a day to reply to their emails, but I replied to their texts within seconds.
     
Professional Poster
Join Date: Dec 2001
Location: somewhere
Status: Offline
Jul 13, 2008, 01:34 PM
 
Originally Posted by besson3c View Post
If you need to be notified about certain things immediately, it is better to rely on a paging service, or an instant message, or perhaps SMS if you trust your cellphone service. Is it possible to leave your iPhone 3G service constantly connected to an IM network? Does it drain the battery a great deal?
Why are paging and SMS more real time than email? You're doing the same thing - sender sends message, network routes message to recipient, recipient may or may not be available at the time. IM suffers from a different problem - many of them won't let you send a message if the recipient is not known to be online. It's like a phone without an answering machine.

Oddly, you left out the only truly reliable mechanism for guaranteeing immediate notification - a phone call. With a phone call, you get confirmation of receipt. With paging and SMS, I don't know if the recipient got the message. With IM, I have to have an account on 5 different services to deal with different people.

My vote is that we stick with email. It's not proprietary like IM; it's not length limited like SMS; and it's two way without requiring carrier specific hardware like paging. I assume you're posting this because of the thread about push email in the iPhone forum. Most of those people are complaining about MobileMe, which may be suffering transitional pains. I've been getting push emails on the iPhone from Exchange for months without problems. Been getting it on a Blackberry for years without problems. IM would make me largely unavailable, which would be worse. SMS would require the sender to whip out a cell phone, where email can be sent from a web page, an email client or a cell phone.
     
Professional Poster
Join Date: Jun 2007
Status: Offline
Jul 13, 2008, 01:41 PM
 
Email works the best in dealing with critical information, be it time sensitive or not. For one thing, I found that having an audit trail of what I sent and/or the conversation that occurred to be invaluable on many occasions. Setting up a paging system in this day and age makes less sense, especially given the fact that emails work a whole lot better in conveying a message.

With the advent of the smart phones/blackberries/iPhones people now have the ability to receive important emails that they can act on in a time appropriate manner.

Personally the push email concept enhances my efficiency more than any other technology listed.
     
Addicted to MacNN
Join Date: Jan 2002
Location: PDX
Status: Offline
Jul 13, 2008, 01:50 PM
 
Why have multiple services when you can just have one? For what you're talking about, that's not a reality at the moment, but I could easily see email becoming as close to instant communication as IM's or pages are today. We're almost there already. And like others have said, email is universal while IM services are not.

I'm all for simplicity. If I can use one service to serve the needs I have for that particular service I will. When I can rely on email to be instant communication (and I have no reason to believe it won't get there eventually) I will ditch my IM services altogether.
     
Junior Member
Join Date: Jan 2007
Status: Offline
Jul 13, 2008, 02:40 PM
 
wait pagers still exist?
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 02:44 PM
 
Originally Posted by wallinbl View Post
Why are paging and SMS more real time than email? You're doing the same thing - sender sends message, network routes message to recipient, recipient may or may not be available at the time. IM suffers from a different problem - many of them won't let you send a message if the recipient is not known to be online. It's like a phone without an answering machine.
Email and paging/SMS are not at all alike. There are *many* more points of failure with email:

- load related deferrals
- milters incorrectly filing a message as spam
- users over quota
- misconfigured SMTP servers
- black/blocklists
- busy queues competing with new SMTP connections
- mailing list and spam load spikes
- DNS/MX issues
- client related problems
- non RFC-compliant SMTP servers
- mail loops
- badly designed web based forms that do not rate limit and do not properly queue mail

just to name a few off the top of my head. When you think about it, it's a wonder that *any* email gets sent and received in a timely fashion.

Oddly, you left out the only truly reliable mechanism for guaranteeing immediate notification - a phone call. With a phone call, you get confirmation of receipt. With paging and SMS, I don't know if the recipient got the message. With IM, I have to have an account on 5 different services to deal with different people.
True, although sometimes with my cell phone service I miss a call and am notified of it much later, for some reason. I don't know if this is related to reception, but it is annoying.

My vote is that we stick with email. It's not proprietary like IM; it's not length limited like SMS; and it's two way without requiring carrier specific hardware like paging. I assume you're posting this because of the thread about push email in the iPhone forum. Most of those people are complaining about MobileMe, which may be suffering transitional pains. I've been getting push emails on the iPhone from Exchange for months without problems. Been getting it on a Blackberry for years without problems. IM would make me largely unavailable, which would be worse. SMS would require the sender to whip out a cell phone, where email can be sent from a web page, an email client or a cell phone.
Email is just about the worst possible primary source of contact for emergency notifications, period. It is okay if it supplements something else, but it should *not* be used as a pager replacement.
(Last edited by besson3c; Jul 13, 2008 at 02:53 PM. )
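Several of the failure points listed in the post above (load-related deferrals, busy queues, greylisting) leave a trace in a message's Received headers. The following is an added example, not part of the original thread, that measures the delay at each hop from those headers; the sample message, its hostnames and its timestamps are constructed.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: an alert mail that was deferred once between two MTAs.
# All hostnames and addresses are placeholders (example.* / documentation IPs).
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby mbox.example.net with LMTP; Sun, 13 Jul 2008 15:02:41 -0400
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx2.example.net with ESMTP id B2; Sun, 13 Jul 2008 15:02:39 -0400
Received: from app01.example.org (app01.example.org [198.51.100.9])
\tby relay.example.org with ESMTP id A1; Sun, 13 Jul 2008 11:50:05 -0700
Date: Sun, 13 Jul 2008 11:50:02 -0700
From: monitor@example.org
To: oncall@example.net
Subject: disk full on db01

alert body
"""

BY_RE = re.compile(r"\bby\s+(\S+)")


def _parse(stamp):
    """Parse an RFC 5322 date string; return an aware datetime or None."""
    try:
        when = parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        return None
    # A "-0000" zone yields a naive datetime; treat it as UTC so that
    # subtraction against aware datetimes does not raise.
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def hop_delays(raw):
    """Return [(receiving_host, seconds_since_previous_hop)], oldest hop first.

    Each MTA prepends its own Received header, so the list is reversed to get
    chronological order. The timestamp is whatever follows the last ';'.
    Negative values indicate clock skew between servers, not time travel.
    """
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        when = _parse(value.rpartition(";")[2])
        if when is None:
            continue  # malformed or missing timestamp: skip this hop
        match = BY_RE.search(value)
        hops.append((match.group(1) if match else "unknown", when))
    if not hops:
        return []
    # Start the clock at the sender's Date header, or at the first hop if absent.
    prev = _parse(msg.get("Date", "")) or hops[0][1]
    delays = []
    for host, when in hops:
        delays.append((host, int((when - prev).total_seconds())))
        prev = when
    return delays


def slow_hops(raw, threshold=60):
    """Hops where the message sat for at least `threshold` seconds."""
    return [(host, secs) for host, secs in hop_delays(raw) if secs >= threshold]


def total_delay(raw):
    """Seconds from the Date header to final delivery."""
    return sum(secs for _, secs in hop_delays(raw))


if __name__ == "__main__":
    for host, secs in hop_delays(SAMPLE):
        print(f"{host:22s} +{secs}s")
    print("slow hops:", slow_hops(SAMPLE))
    print("end to end:", total_delay(SAMPLE), "seconds")
```

The timestamps are written by each server's own clock, so the figures are only as trustworthy as the hosts that stamped them.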
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 02:47 PM
 
Originally Posted by ::maroma:: View Post
Why have multiple services when you can just have one? For what you're talking about, that's not a reality at the moment, but I could easily see email becoming as close to instant communication as IM's or pages are today. We're almost there already. And like others have said, email is universal while IM services are not.

I'm all for simplicity. If I can use one service to serve the needs I have for that particular service I will. When I can rely on email to be instant communication (and I have no reason to believe it won't get there eventually) I will ditch my IM services altogether.
You're not going to fulfill your dream until you solve the problems I have listed, which is definitely not going to happen anytime soon. Email, at its heart, was never designed to be a real-time communications medium. If you want that, we would be best off designing something totally new if you are unhappy with the alternatives.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 02:49 PM
 
Originally Posted by ballison View Post
wait pagers still exist?
What's a wait pager?
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Jul 13, 2008, 03:05 PM
 
Originally Posted by wallinbl View Post
Why are paging and SMS more real time than email? You're doing the same thing - sender sends message, network routes message to recipient, recipient may or may not be available at the time.
What besson is saying is that email is not designed to be instant. In many cases, it does work that way, but that's basically just good luck. Nobody can guarantee you'll receive email in a timely manner, even if you're hitting "Check for new mail" every five seconds. It could be hours or days before an email message is received — partly depending on factors out of your control.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 03:06 PM
 
Chuckit is exactly right...
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 03:09 PM
 
Plus, even if you are dead set against everything I'm saying, the second you call up an email administrator and ask why your email didn't arrive instantly, they will tell you exactly what I'm telling you... They can't guarantee anything, even if they wanted to, whereas at least with these other mediums they are in the business of *trying* for instant delivery.
     
Mac Elite
Join Date: Mar 2003
Status: Offline
Jul 13, 2008, 03:11 PM
 
My vote is for email when a paper trail is needed, but I don't expect an answer for at least a few hours even when I email about something "urgent". I don't use a cell phone, and there are too many different IM clients, so email is actually my preferred method for most things. Very very rarely does a message not make it through and by now all of the hardware and software needed for emailing has been pretty well ironed out, and there aren't too many actual failures that happen. Unless you use hotmail of course.

For instant communication I use Skype and Trillian (can handle Yahoo IM, ICQ, IRC, AIM, and MSN at the same time). There needs to be a single standard so all of these stupid things can talk with each other.
     
Addicted to MacNN
Join Date: Sep 2001
Location: Toronto
Status: Offline
Jul 13, 2008, 03:36 PM
 
Originally Posted by besson3c View Post
What's a wait pager?
You page a waiter with them.

"Schnitzel to table three, and pronto."
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 03:41 PM
 
Originally Posted by Mastrap View Post
You page a waiter with them.

"Schnitzel to table three, and pronto."
     
Senior User
Join Date: Nov 2003
Location: Salzburg, Austria
Status: Offline
Jul 13, 2008, 03:47 PM
 
Originally Posted by Eug View Post
Email is awesome. I can just ignore it when I want to ignore it.
Yeah, most people like to play that game when some sort of displeasing email arrives. "Oh, I never got those emails. They must've landed in my junk-folder".

And then it gets embarrassing quite fast when you inline-link a picture in the email and check your webserver's log for GETs on it.

(yeah, I'm aware that most email programs block embedded images by default these days. it still works most of the time.)
"The road to success is dotted with the most tempting parking spaces."
     
Posting Junkie
Join Date: Mar 2004
Location: MacNN database error. Please refresh your browser.
Status: Offline
Jul 13, 2008, 03:58 PM
 
Of course email is not meant to be instant, but try and tell that to the 30-second attention span generation.

Besides, that's what texting is for.

This is a computer-generated message and needs no signature.
     
Professional Poster
Join Date: Mar 2005
Status: Offline
Jul 13, 2008, 04:52 PM
 
besson3c!

I agree... if I am interpreting your posts properly... that you are unhappy with email because it essentially is no longer sufficiently serving the needs of today's high impact, fast paced, real time world.

Two reasons why email is failing

1. It is not real time (even though there is push email, it still is not real time because something is only pushed once it actually makes it through the maze of email servers and channels)
2. A causal factor of the first, it is unreliable for a host of reasons

Most of the time, email is reliable for me... but, 90 percent of the time it is not. And when it is not, it causes turbulence in my business and there really is not much I or anyone can do about it because of all the factors and variables involved. Mostly, for me, email is way too constraining. For instance, attachment sizes... there are several times when I need to send someone a document over 20 mb... this causes no end of problems from both ends... even if I can send it from my end, that does not guarantee it will make it through to the other side. For instance, it may bounce back as it exceeds the recipient's attachment size limit.

This problem is not endemic to just my business, and it does not help that we have so many different ISPs and email providers of which none adhere to any one standard of user constraints. Therefore, it is difficult to know how your email is going to be received on the other end.

Sometimes I get bounce back messages days later... I spent 30 minutes preparing a quote and emailed it to the potential client. The contract was worth thousands of dollars. About 1 week later a bounce message came in and it never reached the client... too little too late. What's the answer? A new medium I think, because email itself is just too broken to even begin trying to fix.

But what about just a few kick ass ISPs and some really good, wide open, free email providers? Well, unfortunately, no matter how good your email is, it says nothing about the other person's you are sending to... which is the problem in that there are two sides to the coin.

We need a hybrid email system: something just like instant messaging that is scaleable with the right GUI. This would certainly need some serious AI built in... it would and should learn your habits and the people who are messaging you... perhaps the program could analyze keywords in the message and then, after the message text, have a few links to relevant message threads to refer to. Just something that is more powerful than the old email standard... old email standard meaning where the user has to do a lot of hunting and pecking to find related emails to refer to. Even with sophisticated, customized rules there is a lot of mess.

I mean something that is not only wide open and instant, but is smart and ties things together. In this way, when you read something, it is backed up by the appropriate thread text. This saves the user time in hunting around for messages related to it... It is a lot less linear and more robust. It might simply tie all other text threads with person A underneath the new thread text... sort of like a chat history.
"Life is the crummiest book I ever read. There isn't a hook, just a lot of cheap shots, pictures to shock, and characters an amateur would never dream up." (Bad Religion)
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 13, 2008, 05:08 PM
 
freudling: I'm not sure that my intended meaning was conveyed based on what you have written...

What I'm saying is that email systems have a particular design, and too many people try to stretch this design in treating it like something it isn't... This is sort of like bashing a square peg into a round hole. It gets most frustrating when people expect that email administrators try to accommodate attempts to work against its fundamental design.

For instance:

- email is not a file transport mechanism, and IMAP in particular is very slow at doing this (it is designed for fetches of small files)
- email is not a storage mechanism for large files (although it can be used accordingly, the spec was not designed for this purpose)
- email is not instant message

I'm not saying that email should *not* be any of these things, but in order to do this we need new standards and possibly new protocols. Simply trying to bash away at this by increasing quotas, attachment sizes, and trying to get 100% real-time delivery is mostly futile. Add to this the whole groupware angle and success of MS Exchange, you have more of these weird hacks like Apple's OS X Mail notes thing, Entourage (which is ironically no longer the best Exchange savvy Mac client), etc.

These problems need to be solved at a lower level, not simply the application level. Doing all of what we are asking of email now is sort of like trying to haul several tons of freight using a Toyota Corolla, and then getting mad at the car when it doesn't perform up to expectations. There is nothing wrong with IMAP, it simply is what it is, and an instant message alternative it isn't.

If you want instant communication, get a pager (for example). It may not work 100% of the time, but it *is* designed for this purpose.
     
Professional Poster
Join Date: Jul 2005
Location: Winnipeg, MB
Status: Offline
Jul 16, 2008, 11:07 PM
 
How does anyone NOT know this?
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 16, 2008, 11:17 PM
 
Salty: you'd be surprised... Seriously. Haven't you heard those sorts of comical stories about frantic employees emailing their IT person because they think their email is down, and variants of these sorts of stories? This kind of thing does actually happen, to many people email is just this sort of magical thing that few take the time to stop and think about.
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Jul 17, 2008, 01:10 AM
 
I think I'll cry for joy if a week goes by where I don't get several people freaking out because they haven't received an email that was sent, like, a whole 10 minutes ago.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Professional Poster
Join Date: Jul 2005
Location: Winnipeg, MB
Status: Offline
Jul 17, 2008, 02:33 AM
 
That's pathetic, I think even my mom understands that email isn't an instant thing. I've actually always thought email was a lousy technology. I mean, how much better would things be if something closer to long form IM took over in the market? Granted nobody wants to let one company control things, but really that would basically rid the world of spam on the levels that we see it.
     
Mac Elite
Join Date: May 2001
Location: Up north
Status: Offline
Jul 17, 2008, 05:19 AM
 
Leopard Server I hate you. It seems that I am often fixing email problems these days.

Of all the things I have used, I think gmail is the best in terms of reliability.
     
Posting Junkie
Join Date: Mar 2004
Location: MacNN database error. Please refresh your browser.
Status: Offline
Jul 17, 2008, 05:29 AM
 
Originally Posted by 11011001 View Post
Leopard Server I hate you. It seems that I am often fixing email problems these days.

Of all the things I have used, I think gmail is the best in terms of reliability.

This is a computer-generated message and needs no signature.
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Jul 17, 2008, 06:37 AM
 
For truly urgent communications, face-to-face beats everything, hands down. But that's obviously full of limitations itself, so the usual way to go should be by telephone. Landline if possible, cell if not. Why? People typically have landline phones on their desks, but if they're not at their desks, that's not going to work, right? And lastly, email for followup, documentation, and details.

This is not a new issue, nor is it a business-only issue. On many occasions, I had to point out to other military folks that email was not acceptable as a means of issuing a task or order (and I usually had to back that up by showing them (not quoting) a regulation that said just that). I could tell them that there was a new requirement for them to wear socks on their hands when writing official communications and they'd ask what color, but tell 'em that they actually had to talk to someone got blank stares or worse every time.
Glenn -----
OTR/L, MOT, Tx
     
Senior User
Join Date: Jun 2008
Status: Offline
Jul 17, 2008, 07:35 AM
 
Originally Posted by Salty View Post
I've actually always thought email was a lousy technology.
Email's actually a great technology. How it's currently used is the fail point. It was never designed to have the server sitting at your ISP's building, and that's where it falls down.
If every house (and I mean that in a business sense too) had their own email server, everything would work how it's supposed to - there'd be barely any spam (assuming all servers were preconfigured to use rDNS out of the box) and everyone would get a failed delivery notification within a reasonable time.
If you don't want to be eaten, stop acting like food
     
Senior User
Join Date: Jun 2008
Status: Offline
Jul 17, 2008, 07:38 AM
 
Originally Posted by freudling View Post
Sometimes I get bounce back messages days later... I spent 30 minutes preparing a quote and emailed it to the potential client. The contract was worth thousands of dollars. About 1 week later a bounce message came in and it never reached the client... too little too late. What's the answer?
The answer to that is get an email server and stop relying on your ISP. All of my bounce messages hit me in the next POP pickup cycle.
If you don't want to be eaten, stop acting like food
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 17, 2008, 09:19 AM
 
Originally Posted by Salty View Post
That's pathetic, I think even my mom understands that email isn't an instant thing. I've actually always thought email was a lousy technology. I mean, how much better would things be if something closer to long form IM took over in the market? Granted nobody wants to let one company control things, but really that would basically rid the world of spam on the levels that we see it.
I don't think it would. First of all, the problem with IM as it stands now is that it only allows communication with people that are online. What if you wanted to send an email to somebody that was offline? The spammers would start to collect IM addresses, and it might even become worse since I don't think there is an IM milter for filtering spam.

Email is great technology when it is used as it was designed to be used.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 17, 2008, 09:21 AM
 
Originally Posted by 11011001 View Post
Leopard Server I hate you. It seems that I am often fixing email problems these days.

Of all the things I have used, I think gmail is the best in terms of reliability.
Leopard Server simply provides GUIs to Cyrus IMAP and Postfix, last I checked. There is nothing magical about what Leopard Server does, in comparison to other Unix-based email servers. If you are having problems, it is either with the limits of what Leopard's GUIs allow (in which case you could just bypass them and hope that your manual changes are honored by the GUI), or with Cyrus or Postfix themselves, which are not Leopard-specific issues.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 17, 2008, 09:29 AM
 
Originally Posted by Uncle Doof View Post
Email's actually a great technology. How it's currently used is the fail point. It was never designed to have the server sitting at your ISP's building, and that's where it falls down.
If every house (and I mean that in a business sense too) had their own email server, everything would work how it's supposed to - there'd be barely any spam (assuming all servers were preconfigured to use rDNS out of the box) and everyone would get a failed delivery notification within a reasonable time.
I disagree. If every house controlled their own DNS server there would be plenty of servers that do not follow RFC spec and make delivery even more difficult because the person running the server didn't know what he/she was doing, there would be more failures from failed milters, crashed SMTP servers, and other points of failure in combination with the owner not knowing what they were doing, there would be many rouge SMTP servers cranking out spam, and it would be nearly impossible to maintain blocklists with such an exponential increase in SMTP servers, as well as owners that may be completely unresponsive.

RDNS is controlled by the IP block owner, so I'm not sure what you had in mind there.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 17, 2008, 09:32 AM
 
Originally Posted by Uncle Doof View Post
The answer to that is get an email server and stop relying on your ISP. All of my bounce messages hit me in the next POP pickup cycle.
The problem with this is that without an RDNS entry, your messages are much more likely to be flagged as spam. Several ISPs don't do RDNS entries for DHCP issued IP addresses.
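The rDNS point raised in the two posts above is usually enforced by receiving servers as a forward-confirmed reverse DNS check: look up the PTR name for the connecting IP, then confirm that name resolves back to the same IP. The following is an added example, not part of the original thread; the lookup tables are constructed stand-ins for DNS so it runs offline, and the function names are hypothetical.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for an IP using the system resolver (live DNS)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return []


def system_addrs(host):
    """A/AAAA addresses for a hostname using the system resolver (live DNS)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except OSError:
        return []


def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Forward-confirmed reverse DNS check for a connecting SMTP client.

    Returns (verdict, hostname):
      "no-ptr"   - the IP block owner published no PTR record
      "mismatch" - a PTR exists but the name does not resolve back to the IP
      "pass"     - PTR and forward lookup agree
    """
    client = ipaddress.ip_address(ip)
    names = [n.rstrip(".") for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in addr_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("pass", name)
            except ValueError:
                continue  # resolver returned something that is not an IP
    return ("mismatch", names[0])


# Constructed zone data (documentation address ranges, placeholder names).
# The PTR side is set by whoever owns the IP block; the A side by whoever
# owns the domain. The check only passes when both parties agree.
FAKE_PTR = {
    "192.0.2.25": ["mail.example.org."],     # static IP, ISP set the PTR
    "198.51.100.77": ["mail.example.org."],  # PTR claims a name it does not own
    # 203.0.113.40 is a DHCP pool address with no PTR at all
}
FAKE_A = {"mail.example.org": ["192.0.2.25"]}


def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])


def fake_addrs(host):
    return FAKE_A.get(host.rstrip("."), [])


def classify(ips):
    """Run the check over several client IPs using the constructed data."""
    return {ip: fcrdns(ip, fake_ptr, fake_addrs) for ip in ips}


if __name__ == "__main__":
    for ip, result in classify(
        ["192.0.2.25", "198.51.100.77", "203.0.113.40"]
    ).items():
        print(ip, result)
```

Calling `fcrdns(ip)` without the two lookup arguments uses the system resolver instead of the constructed tables.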
     
Senior User
Join Date: Jun 2008
Status: Offline
Jul 17, 2008, 10:54 AM
 
Originally Posted by besson3c View Post
I disagree. If every house controlled their own DNS server there would be plenty of servers that do not follow RFC spec and make delivery even more difficult because the person running the server didn't know what he/she was doing
Every house doesn't need to control its own DNS server. Just mail server.
My mail is internal, my DNS is ISP.

Originally Posted by besson3c View Post
there would be more failures from failed milters, crashed SMTP servers, and other points of failure in combination with the owner not knowing what they were doing
Yeah. If POP3 to the ISP wasn't so prevalent, there'd be a minimal-config almost-crashproof SMTP server in almost every modem by now. Just pop your IP and domain name into it and bob's your uncle. Maybe options for maximum mail size, ISP failover outbound MX, etc.. People configure their DSL modems every day (when they get new ISP accounts) - no reason why an inbuilt SMTP server shouldn't be as easy.

Originally Posted by besson3c View Post
there would be many rouge SMTP servers cranking out spam, and it would be nearly impossible to maintain blocklists with such an exponential increase in SMTP servers, as well as owners that may be completely unresponsive.
You don't need a large blocklist if you use rDNS.

And how much easier would it be to locate and prosecute spammers if everyone could only use their in-house SMTP?

And I'd rather have the server in blanc, not rouge.

Originally Posted by besson3c View Post
RDNS is controlled by the IP block owner, so I'm not sure what you had in mind there.
Originally Posted by besson3c View Post
The problem with this is that without an RDNS entry, your messages are much more likely to be flagged as spam.
Which is why you get an rDNS entry.

Since my DNS is external, I just email my ISP's dnsmaster and tell him what's what. He makes the required changes within proper RFC spec and all's well.

Originally Posted by besson3c View Post
Several ISPs don't do RDNS entries for DHCP issued IP addresses.
And extra-house DHCP should be discontinued too. DHCP, like POP, is designed for the LAN, not the WAN. Just bring on IPv6 already and make every house get its own IP block.

Fact is, SMTP was designed as the house to house protocol. DHCP, POP3 and IMAP were designed as in-house client to server protocols.
You don't go to the post office every three minutes to fetch your mail, you have it delivered. Why would you use Post Office Protocol to do the same on the 'net?
If you don't want to be eaten, stop acting like food
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 17, 2008, 11:36 AM
 
Originally Posted by Uncle Doof View Post
Every house doesn't need to control its own DNS server. Just mail server.
My mail is internal, my DNS is ISP.
Huh? Every SMTP server should have an RDNS entry. You don't have to run your own DNS server, but if your ISP is going to do RDNS for you and provide full blessing to run your own SMTP server in the world you imagine, they will most certainly want to know who you are at any given time, including when your IP address changes. Otherwise, they can be accused of sponsoring rogue SMTP servers which could be used for spam.

Additionally, spam filtering is affected when your mail doesn't come from a consistent set of IP addresses (e.g. graylisting, blocklisting, etc.) Do you want somebody else's spam cannon resulting in your personal servers being put on blocklists whenever your DHCP lease expires and you inherit this new blocked IP?

Yeah. If POP3 to the ISP wasn't so prevalent, there'd be a minimal-config almost-crashproof SMTP server in almost every modem by now. Just pop your IP and domain name into it and bob's your uncle. Maybe options for maximum mail size, ISP failover outbound MX, etc.. People configure their DSL modems every day (when they get new ISP accounts) - no reason why an inbuilt SMTP server shouldn't be as easy.
How is POP relevant to whether or not we run our own SMTP servers? Do you mean that we'd also want to run our own POP/IMAP servers to use with our own SMTP server, rather than pointing our accounts hosted elsewhere at our own SMTP server?

Sorry, but inviting people to setup their own SMTP servers would be an absolute disaster. In addition to them not knowing what they are doing, like I've described, there are many moving parts to an SMTP server:

- DNS blocklist (e.g. Spamhaus)
- milters
- domain/relay policies
- other anti-spam techniques such as graylisting
- queuing/queue management
- security
- authentication/authorization

There is no way in hell that Joe Sixpack should be entrusted with something like this. Joe Sixpack can't even bother to setup a password for their Wifi network, what makes you think that they would do a good job with something like this?

You don't need a large blocklist if you use rDNS.
Ummm... sorry, but you don't know what you are talking about here Doofy. Simply having an RDNS entry does not provide any guarantees of the security or usage of that IP. What about all of the machines that have RDNS entries that have been turned into spam zombies, just for instance?

And how much easier would it be to locate and prosecute spammers if everyone could only use their in-house SMTP?
How is this any different than the way things are now? Do you think that current spammers are using commercial/public relays?

Since my DNS is external, I just email my ISP's dnsmaster and tell him what's what. He makes the required changes within proper RFC spec and all's well.
You want every single household in the world to email their DNS master with manual RDNS requests? Huh? How does this make sense?


And extra-house DHCP should be discontinued too. DHCP, like POP, is designed for the LAN, not the WAN. Just bring on IPv6 already and make every house get its own IP block.
Filtering by MAC address and getting rid of DHCP might very well be the direction things are headed...
     
Senior User
Join Date: Jun 2008
Status: Offline
Jul 17, 2008, 11:56 AM
 
Originally Posted by besson3c View Post
Huh? Every SMTP server should have an RDNS entry. You don't have to run your own DNS server, but if your ISP is going to do RDNS for you and provide full blessing to run your own SMTP server in the world you imagine, they will most certainly want to know who you are at any given time, including when your IP address changes.
If you're not using DHCP, your IP ain't gonna change. You saw the bit where I suggested outlawing WAN DHCP, yes?

Originally Posted by besson3c View Post
Additionally, spam filtering is affected when your mail doesn't come from a consistent set of IP addresses (e.g. graylisting, blocklisting, etc.) Do you want somebody else's spam cannon resulting in your personal servers being put on blocklists whenever your DHCP lease expires and you inherit this new blocked IP?
I'll never inherit anyone else's blacklisted IP, since I have my own static block. Everyone should have their own static block.

Originally Posted by besson3c View Post
How is POP relevant to whether or not we run our own SMTP servers? Do you mean that we'd also want to run our own POP/IMAP servers to use with our own SMTP server, rather than pointing our accounts hosted elsewhere at our own SMTP server?
Yep, I mean SMTP/POP server. You know, the whole caboodle, like CommuniGate.

Originally Posted by besson3c View Post
Sorry, but inviting people to setup their own SMTP servers would be an absolute disaster.
That's why you only leave them with a few options. If you let every driver on the road set their own suspension settings it'd be a complete disaster, so we don't.

Originally Posted by besson3c View Post
In addition to them not knowing what they are doing, like I've described, there are many moving parts to an SMTP server
You're forgetting that I've helped design SMTP servers, eh Bess?

Originally Posted by besson3c View Post
Ummm... sorry, but you don't know what you are talking about here Doofy. Simply having an RDNS entry does not provide any guarantees of the security or usage of that IP.
What the hell are you on about? I click the option "use rDNS lookup" on my incoming MX, I get no spam from people spoofing IPs.

Originally Posted by besson3c View Post
What about all of the machines that have RDNS entries that have been turned into spam zombies, just for instance?
How on earth can you turn a well-designed, secure appliance into a spam zombie? The only reason there actually are spam zombies is because the external email interface is at the hackable computer rather than at the relatively unhackable modem/router/gateway.

Originally Posted by besson3c View Post
How is this any different than the way things are now? Do you think that current spammers are using commercial/public relays?
Do you think that all of a sudden loads more people are going to start spamming just because they have their own servers?

Originally Posted by besson3c View Post
You want every single household in the world to email their DNS master with manual RDNS requests? Huh? How does this make sense?
Dude, come back when you've been off the jazz for a week straight. As usual, you're reading everything arse-about-face.

I email my dnsmaster, tell him that if AOL (or anyone using an rDNS lookup) checks my IP, it should see mail.doofdomain.com so everything works smoothly. This could easily be part of the ISP signup procedure (you know, like when they hand out connection details to newbies).
If you don't want to be eaten, stop acting like food
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 17, 2008, 12:12 PM
 
Originally Posted by Uncle Doof View Post
If you're not using DHCP, your IP ain't gonna change. You saw the bit where I suggested outlawing WAN DHCP, yes?



I'll never inherit anyone else's blacklisted IP, since I have my own static block. Everyone should have their own static block.
Fine... The whole architecture and structure of the net will change with IPv6 and no DHCP, but there is no sense in even proposing these sorts of things before this becomes a reality.

Yep, I mean SMTP/POP server. You know, the whole caboodle, like CommuniGate.
So you want people to run their own IMAP and POP servers too?

You're forgetting that I've helped design SMTP servers, eh Bess?
I have no idea what your IT background is, I'm just responding to what you have written.

What the hell are you on about? I click the option "use rDNS lookup" on my incoming MX, I get no spam from people spoofing IPs.
Spoofing IPs? I'm thoroughly confused as to how you feel that RDNS is some sort of magical cure to spam, and how what we have comes up short... Care to explain?

How on earth can you turn a well-designed, secure appliance into a spam zombie? The only reason there actually are spam zombies is because the external email interface is at the hackable computer rather than at the relatively unhackable modem/router/gateway.
Easy, you permit sending mail from any zombified client machine that is authorized to use that SMTP server by stealing authentication credentials (via keystroke logger, for instance), or by using a system that doesn't require SMTP auth (e.g. a web based email system). Or, you exploit a workstation and you run your own rogue SMTP server on the PC (which happens all the time with malware). You attack workstations, not known, legit SMTP servers. You acknowledged this, so how does an RDNS entry on the legit/authorized SMTP server solve the problems we have with spam from workstations?

Do you think that all of a sudden loads more people are going to start spamming just because they have their own servers?
No, what gave you that impression?

Dude, come back when you've been off the jazz for a week straight. As usual, you're reading everything arse-about-face.
I'll pretend that you didn't write that, I'm not interested in another pissing match with you. Keep it rational, not emotional please.

I email my dnsmaster, tell him that if AOL (or anyone using an rDNS lookup) checks my IP, it should see mail.doofdomain.com so everything works smoothly. This could easily be part of the ISP signup procedure (you know, like when they hand out connection details to newbies).
So you want to start a massive worldwide database of SMTP server registrations, and you want every household to run their own SMTP server? How would telling only AOL help? What about when you send to somebody else? How would AOL authenticate your request if you weren't an AOL customer? A global database of RDNS address mappings would work in theory, but it would suck. There is no way that we can design systems that can scale properly when they have to query this massive, massive database for every single email message that is sent.

Sorry Doofy, but what you want is quite impractical, and I say that based on the merits of what you have written alone. I have no idea what sorts of SMTP systems you have designed (nor do you know what I do professionally)
     
Senior User
Join Date: Jun 2008
Status: Offline
Jul 17, 2008, 12:44 PM
 
Originally Posted by besson3c View Post
So you want people to run their own IMAP and POP servers too?
It really isn't that hard.

Originally Posted by besson3c View Post
Spoofing IPs? I'm thoroughly confused as to how you feel that RDNS is some sort of magical cure to spam, and how what we have comes up short... Care to explain?
Well, I run two SMTP servers. I don't hide any addresses associated with the two domains (i.e. no web forms, no script encoding - just the straight addresses out there in the open to be harvested). I have exactly two spam prevention measures: (1) The SMTP server goes and looks up the rDNS entry for every mail it gets and (2) messages sent by anyone using "The Bat!" client are banned. Result: no spam (nothing, nada, zip, zilch) in seven years. There's no other filtering whatsoever. Most spam comes from spoofed IPs.

Originally Posted by besson3c View Post
Easy, you permit sending mail from any zombified client machine that is authorized to use that SMTP server by stealing authentication credentials (via keystroke logger, for instance), or by using a system that doesn't require SMTP auth (e.g. a web based email system). Or, you exploit a workstation and you run your own rogue SMTP server on the PC (which happens all the time with malware). You attack workstations, not known, legit SMTP servers. You acknowledged this, so how does an RDNS entry on the legit/authorized SMTP server solve the problems we have with spam from workstations?
Easy. Adaptive send limiter built into the MX/modem appliance.

Originally Posted by besson3c View Post
I'll pretend that you didn't write that, I'm not interested in another pissing match with you. Keep it rational, not emotional please.
Read what I'm writing and don't turn it around in your head before you process it then.

Originally Posted by besson3c View Post
How would telling only AOL help? What about when you send to somebody else? How would AOL authenticate your request if you weren't an AOL customer?
You haven't got the slightest idea how rDNS works, have you? Seriously.
Is there a bit in the rDNS entry for AOL and a bit for every other MX checking it against their receives? No.

A global database of RDNS address mappings would work in theory, but it would suck. There is no way that we can design systems that can scale properly when they have to query this massive, massive database for every single email message that is sent.
Ummm. rDNS is per domain, not per message. Unless you're still labouring under the idiot idea of WAN DHCP.

Perhaps you actually want to go read up about this stuff before you continue, Bess?
If you don't want to be eaten, stop acting like food
     
Addicted to MacNN
Join Date: Sep 2001
Location: Toronto
Status: Offline
Jul 17, 2008, 01:32 PM
 
Cool, geek-fight.

     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 17, 2008, 01:53 PM
 
Originally Posted by Uncle Doof View Post
It really isn't that hard.
Not for us, but for Joe Sixpack? I think you are over-estimating his abilities. You may say that providing a router-like appliance for SMTP and/or POP/IMAP is the way to go, but how would you secure that? What if there is a protocol level exploit like there was for DNS recently, are we expecting that these home users will apply firmware upgrades? *Maybe* it is possible to automatically apply firmware upgrades, but this seems like a dangerous proposition. I've seen many a firmware upgrade to these sorts of network appliances fail.


Well, I run two SMTP servers. I don't hide any addresses associated with the two domains (i.e. no web forms, no script encoding - just the straight addresses out there in the open to be harvested). I have exactly two spam prevention measures: (1) The SMTP server goes and looks up the rDNS entry for every mail it gets and (2) messages sent by anyone using "The Bat!" client are banned. Result: no spam (nothing, nada, zip, zilch) in seven years. There's no other filtering whatsoever. Most spam comes from spoofed IPs.
So what happens when that person using The Bat has an RDNS entry? I think the term that more accurately describes what you are referring to is hijacked IPs, it's not really a spoof. The only way to filter between good SMTP servers with RDNS entries from bad ones is to have some sort of database where lookups are performed. I've explained some of the problems with doing that.

Easy. Adaptive send limiter built into the MX/modem appliance.
So you limit mail sent from certain workstations using your little SMTP server appliance, okay... So, what happens if the workstation decides to circumvent this by sending mail directly from the PC like malware does now? What about legitimate mail being sent from the non-compromised PCs? What about people who figure out ways to remove this rate limit from their SMTP server appliance?


You haven't got the slightest idea how rDNS works, have you? Seriously.
Is there a bit in the rDNS entry for AOL and a bit for every other MX checking it against their receives? No.
I know enough to know that we are misunderstanding each other, because I'm not following you at all. The IP owner sets up RDNS entries for each of the IPs that belong to that subnet. You want to start mapping these entries to people's home SMTP servers. Is this the gist of what you are saying?

Perhaps you actually want to go read up about this stuff before you continue, Bess?
Dude, start making sense or I'm done. You have a history of talking completely out of your ass when you are completely outmatched, and you keep on going at it relentlessly, ratcheting up your aggressiveness and insulting tone expecting that this will somehow give you an upper hand. This doesn't work with me, I'm sorry. The onus is on you to put together an argument that isn't full of holes, as well as to actually acknowledge and address the holes I have pointed out with some sort of intelligent rebuttal that at least attempts to account for these problems.

If you aren't interested in doing either, cool, I'm done. My ego is not destroyed by the thought of you feeling self-righteous about this stuff.

Make a solid argument.
     
Senior User
Join Date: Jun 2008
Status: Offline
Jul 17, 2008, 02:35 PM
 
Originally Posted by besson3c View Post
Not for us, but for Joe Sixpack? I think you are over-estimating his abilities. You may say that providing a router-like appliance for SMTP and/or POP/IMAP is the way to go, but how would you secure that?
I don't know Bess. Why don't you ask these guys:

http://www.equiinet.com/netpilot/pro...ilotremote.asp

That's no more complicated than the average Netgear router. We just need it to be cheaper, a little better specified and in every house. Oh, and secured by default, since we're not Microsoft and don't have to ship everything with the security turned off.

Originally Posted by besson3c View Post
So what happens when that person using The Bat has an RDNS entry?
It gets through on the rDNS but then gets bounced on the X-Mailer line.

Originally Posted by besson3c View Post
I think the term that more accurately describes what you are referring to is hijacked IPs, it's not really a spoof. The only way to filter between good SMTP servers with RDNS entries from bad ones is to have some sort of database where lookups are performed.
We've already got that. It's called the DNS system.

Originally Posted by besson3c View Post
So you limit mail sent from certain workstations using your little SMTP server appliance, okay... So, what happens if the workstation decides to circumvent this by sending mail directly from the PC like malware does now?
Require the use of a DNS proxy in the appliance. If the compromised workstation can't resolve by itself, it can't send mail except through the appliance (and thus be subject to the rate controls).

Originally Posted by besson3c View Post
What about legitimate mail being sent from the non-compromised PCs?
Per client adaptive send limits. Easy.

Originally Posted by besson3c View Post
What about people who figure out ways to remove this rate limit from their SMTP server appliance?
We're not talking about hardened hackers who want to spam - we're talking about innocent zombie victims of trojans, etc.. Aren't we?

Originally Posted by besson3c View Post
I know enough to know that we are misunderstanding each other, because I'm not following you at all. The IP owner sets up RDNS entries for each of the IPs that belong to that subnet. You want to start mapping these entries to people's home SMTP servers. Is this the gist of what you are saying?
Each domain record must already have a valid rDNS entry to be functional if they want to send mail to places which do an rDNS lookup on receipt (like AOL, or my systems). This system is already in place. You're making problems where there aren't any.

OK, let's look at the process.

My client sends to my SMTP server.
My SMTP server looks at the DNS record for the domain I'm sending to.
My SMTP server initiates a connect to the receiving MX.
Receiving MX checks sending IP against my rDNS entry (held with my ISP). Sees it's valid.
Transmission.
Sorted.

Their client sends to their SMTP server.
Their SMTP server looks at the DNS for my domain.
Their SMTP initiates a connect to my SMTP server.
My SMTP server checks the IP against their rDNS entry. Sees it's valid.
Transmission.
My SMTP server checks that the X-Mailer is not "The!Bat". Bounces if it is.
Sorted.

How hard is that? I'm already doing it. All that needs to happen is that everyone gets their own static IP and we put a lite/cheap version of CommuniGate Pro into the router (and throw an easy, punter-friendly, foolproof interface onto it). Easy.
If you don't want to be eaten, stop acting like food
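The receive-side checks walked through in the post above (an rDNS lookup on the connecting IP, then a bounce on the X-Mailer header), as an added example that is not part of the thread or any poster's code. It goes one step beyond the post by forward-confirming the PTR name against an A record; the resolver data, hostnames, addresses and sample messages are all constructed so it runs offline.

```python
"""Receiver-side rDNS + X-Mailer policy, run over constructed data (no network)."""
import ipaddress
from email import message_from_string

# Constructed DNS data: documentation address ranges and .example names only.
PTR_RECORDS = {
    "192.0.2.25": ["mail.sender.example"],    # PTR and A record agree
    "198.51.100.7": ["mail.sender.example"],  # PTR claims a name that resolves elsewhere
    # 203.0.113.99 deliberately has no PTR record
}
A_RECORDS = {"mail.sender.example": ["192.0.2.25"]}


class StaticResolver:
    """Hypothetical stand-in for a DNS resolver; a real MX would do PTR/A queries."""

    def __init__(self, ptr, a):
        self.ptr, self.a = ptr, a

    def reverse(self, ip):
        return self.ptr.get(ip, [])

    def forward(self, name):
        return self.a.get(name.rstrip(".").lower(), [])


RESOLVER = StaticResolver(PTR_RECORDS, A_RECORDS)


def check_rdns(ip, resolver=RESOLVER):
    """Classify the connecting IP as 'no-ptr', 'ptr-mismatch' or 'confirmed'."""
    names = resolver.reverse(ip)
    if not names:
        return "no-ptr"
    addr = ipaddress.ip_address(ip)
    for name in names:
        # Forward-confirm: the PTR name must resolve back to the same address.
        if any(ipaddress.ip_address(a) == addr for a in resolver.forward(name)):
            return "confirmed"
    return "ptr-mismatch"


def evaluate(ip, raw_message, resolver=RESOLVER, banned_mailers=("the bat!",)):
    """Return (verdict, reason) for one delivery attempt.

    The rDNS test needs only the connecting IP; the X-Mailer test needs the
    message headers, and those are whatever the sending side chose to write.
    """
    rdns = check_rdns(ip, resolver)
    if rdns != "confirmed":
        return ("reject", "rDNS " + rdns)
    mailer = (message_from_string(raw_message).get("X-Mailer") or "").lower()
    if any(b in mailer for b in banned_mailers):
        return ("reject", "X-Mailer banned")
    return ("accept", "rDNS confirmed")


# Constructed sample messages (the version string is made up).
MSG_BAT = (
    "From: someone@sender.example\n"
    "To: doof@receiver.example\n"
    "X-Mailer: The Bat! (v3.0)\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)
# Same message with the X-Mailer header simply absent.
MSG_PLAIN = MSG_BAT.replace("X-Mailer: The Bat! (v3.0)\n", "")


if __name__ == "__main__":
    cases = [
        ("192.0.2.25", MSG_PLAIN),    # confirmed rDNS, no X-Mailer header
        ("192.0.2.25", MSG_BAT),      # confirmed rDNS, banned X-Mailer
        ("198.51.100.7", MSG_PLAIN),  # PTR exists but does not forward-confirm
        ("203.0.113.99", MSG_PLAIN),  # no PTR at all
    ]
    for ip, msg in cases:
        print(ip, evaluate(ip, msg))
```

The first two cases are the ones the thread argues over: a confirmed rDNS entry shows only that a name and an address agree, and the X-Mailer rule matches only what the sender chose to declare.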
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 17, 2008, 03:05 PM
 
Originally Posted by Uncle Doof View Post
I don't know Bess. Why don't you ask these guys:

http://www.equiinet.com/netpilot/pro...ilotremote.asp

That's no more complicated than the average Netgear router. We just need it to be cheaper, a little better specified and in every house. Oh, and secured by default, since we're not Microsoft and don't have to ship everything with the security turned off.
I'm not saying that it is impossible to ship a secure email appliance, this is obviously not the case. What I'm saying is how would you keep this secured over time? Either the OS running on this thing needs to be upgraded, the firmware, or both... Either way, while this may be a simple task for you or I, getting Joe Sixpack to do this when he/she couldn't even be bothered to secure their wireless network (for instance) is far from a given.

It gets through on the rDNS but then gets bounced on the X-Mailer line.
Huh? A custom header causes a bounce? This doesn't make any sense... Anyone can inject whatever headers they want - I've even seen return path/envelope addresses being spoofed. How would this work, exactly? I see you get into more detail about this below, so moving on...

Require the use of a DNS proxy in the appliance. If the compromised workstation can't resolve by itself, it can't send mail except through the appliance (and thus be subject to the rate controls).
Why would the compromised workstation even care about how the appliance is configured? It wouldn't need to use the appliance for sending mail, nor would it need it for providing lookups.

Per client adaptive send limits. Easy.
Per client, meaning that these can easily be changed? So, the person wants to send a legitimate mailing, cranks up this setting, permits spam in the future. There are no guarantees that Joe Sixpack is going to set this to an intelligent number, and malware is going to bypass this anyway....

We're not talking about hardened hackers who want to spam - we're talking about innocent zombie victims of trojans, etc.. Aren't we?
Maybe, maybe not... Spammers spam by zombifying machines, but what would stop some sort of social engineering exploit to trick people to adjust the settings on their appliance somehow? If Joe Sixpack is going to be using this, it has to be brain dead simple to access, which also means it may be brain dead easy to circumvent.

Each domain record must already have a valid rDNS entry to be functional if they want to send mail to places which do an rDNS lookup on receipt (like AOL, or my systems). This system is already in place. You're making problems where there aren't any.
No, this varies... Some SMTP servers look at RDNS entries within their milter heuristics, some may be configured to look for RDNS in their policy, some may not look at RDNS at all. I've been on ISPs that do not have RDNS records at all for DHCP issued IPs, and you can find some SMTP servers that will receive mail sent from those systems. I know you want to do away with DHCP, but we are talking about the here and now...

OK, let's look at the process.

My client sends to my SMTP server.
My SMTP server looks at the DNS record for the domain I'm sending to.
My SMTP server initiates a connect to the receiving MX.
Receiving MX checks sending IP against my rDNS entry (held with my ISP). Sees it's valid.
Transmission.
Sorted.
Problems:

1) DNS poisoning
2) How is authentication to your SMTP server managed (I'm assuming you are leaving authentication out of your model here)? What happens if your authentication credentials are compromised? How is Joe Sixpack to deal with that (or even learn about that?)
3) non static IPs
4) what happens if there is a mail loop and the sender's or receiver's queues fill up and make the appliance run out of disk space? Are we to teach Joe Sixpack about managing his queues?
5) What about custom domains? If I created mydomain.com with my own DNS record, and set myself as the authority, who would the ISP be? Me? What if you pointed your domain to Dreamhost, Dreamhost becomes your ISP? Okay, so this requires a look at the record to figure out the ISP, a connection to the ISP, a lookup to see if their name servers are authoritative over that domain, and then an RDNS lookup. This becomes expensive to do for every message.

Their client sends to their SMTP server.
Their SMTP server looks at the DNS for my domain.
Their SMTP initiates a connect to my SMTP server.
My SMTP server checks the IP against their rDNS entry. Sees it's valid.
Transmission.
My SMTP server checks that the X-Mailer is not "The!Bat". Bounces if it is.
Sorted.
So there is a list kept somewhere of legitimate mail clients that can be used? What do you do when a new client comes out? How does Joe Sixpack know to add this to his list?

How hard is that? I'm already doing it. All that needs to happen is that everyone gets their own static IP and we put a lite/cheap version of CommuniGate Pro into the router (and throw an easy, punter-friendly, foolproof interface onto it). Easy.
Well, we can't even begin to talk about this until we live in a world of static IPs, like we've discussed, until we've solved all of the problems I've listed and made this easy for Joe Sixpack, at which point I wouldn't trust CommuniGate Pro personally, but okay... We're talking about this as a possibility for sometime in the future, but it sure ain't an option for right now.

Since we are speculating into the future, I think our future computing models are much more likely to be based on ISP virtual machines that would manage mail for us than what you are describing. To me there is far more wisdom in thin clients and an expansive, shared central VM host environment rather than continuing to spend thousands of dollars on wasteful individual workstations.
(Last edited by besson3c; Jul 17, 2008 at 03:21 PM. )
     
Senior User
Join Date: Jun 2008
Status: Offline
Jul 17, 2008, 03:33 PM
 
Originally Posted by besson3c View Post
I'm not saying that it is impossible to ship a secure email appliance, this is obviously not the case. What I'm saying is how would you keep this secured over time? Either the OS running on this thing needs to be upgraded, the firmware, or both... Either way, while this may be a simple task for you or I, getting Joe Sixpack to do this when he/she couldn't even be bothered to secure their wireless network (for instance) is far from a given.
We update the firmware on our Macs, don't we? I assume that Joe Sixpack also manages to do this.

It's an email server. It can send messages to internal users reminding them to upgrade their firmware. It ain't difficult.

Originally Posted by besson3c View Post
Huh? A custom header causes a bounce? This doesn't make any sense... Anyone can inject whatever headers they want - I've even seen return path/envelope addresses being spoofed. How would this work, exactly? I see you get into more detail about this below, so moving on...
No. I personally have decided to reject people using The!Bat, since they're all spammers. Thus I personally have decided to bounce on that header.

Originally Posted by besson3c View Post
Why would the compromised workstation even care about how the appliance is configured? It wouldn't need to use the appliance for sending mail, nor would it need it for providing lookups.
How the hell does a workstation behind a firewall/modem/mx appliance send email by itself if the appliance doesn't let it do direct DNS lookups or direct SMTP hookups?

Originally Posted by besson3c View Post
Per client, meaning that these can easily be changed? So, the person wants to send a legitimate mailing, cranks up this setting, permits spam in the future.
You put the lists capability into the appliance and do it from there. It's really not hard.

Originally Posted by besson3c View Post
Maybe, maybe not... Spammers spam by zombifying machines, but what would stop some sort of social engineering exploit to trick people to adjust the settings on their appliance somehow?
You have never, ever designed a GUI for an app, have you? No, don't answer that - I know there's a reason why you're always ready with a few quick CLI commands.

Originally Posted by besson3c View Post
If Joe Sixpack is going to be using this, it has to be brain dead simple to access, which also means it may be brain dead easy to circumvent.
No. It's brain dead simple for Joe to drive his car. Not so simple for him to adjust the turbo boost.

I realise you come from the Linux world of really bad interfaces, but what you speak of here ain't that hard. It can be done.

Originally Posted by besson3c View Post
No, this varies... Some SMTP servers look at RDNS entries within their milter heuristics, some may be configured to look for RDNS in their policy, some may not look at RDNS at all. I've been on ISPs that do not have RDNS records at all for DHCP issued IPs, and you can find some SMTP servers that will receive mail sent from those systems. I know you want to do away with DHCP, but we are talking about the here and now...
See, what you're talking about is what is happening now. I'm talking about what should be happening now if POP3 and DHCP were never allowed onto the WAN.

Originally Posted by besson3c View Post
Problems:

1) DNS poisoning
Always a problem until someone other than a unix geek redesigns the DNS system.

Originally Posted by besson3c View Post
2) How is authentication to your SMTP server managed (I'm assuming you are leaving authentication out of your model here)? What happens if your authentication credentials are compromised? How is Joe Sixpack to deal with that (or even learn about that?)
It's authenticated on "no bugger outside the house/LAN can relay through it".

Originally Posted by besson3c View Post
3) non static IPs
Shouldn't exist outside the LAN.

Originally Posted by besson3c View Post
4) what happens if there is a mail loop and the sender's or receiver's queues fill up and make the appliance run out of disk space? Are we to teach Joe Sixpack about managing his queues?
There's no need to worry about this kind of thing on a properly designed email server. It's only on that useless *nix crap that you hang about with that this happens.

Originally Posted by besson3c View Post
So there is a list kept somewhere of legitimate mail clients that can be used? What do you do when a new client comes out? How does Joe Sixpack know to add this to his list?
It's Joe's own choice whether he does or not. Optional.

Originally Posted by besson3c View Post
Since we are speculating into the future, I think our future computing models are much more likely to be based on ISP virtual machines that would manage mail for us than what you are describing. To me there is far more wisdom in thin clients and an expansive, shared central VM host environment rather than continuing to spend thousands of dollars on wasteful individual workstations.
No thanks. I don't want an ISP holding my confidential mail for me.

Decentralisation is the key, not further centralisation. The future is in gateway appliances. Put it in the same box as your AppleTV/AirPort and you're sorted.

You wouldn't have a vested interest in keeping an ISP in "added" business, would you?
If you don't want to be eaten, stop acting like food
     
Senior User
Join Date: Jun 2008
Status: Offline
Jul 17, 2008, 03:42 PM
 
Oh. You added this:

5) What about custom domains? If I created mydomain.com with my own DNS record, and set myself as the authority, who would the ISP be? Me? What if you pointed your domain to Dreamhost, Dreamhost becomes your ISP?
Yeah, you're just creating problems where there are none now, I expect for your own amusement. Your ISP is the company which provides you with access to the Internet. Strange, no?

Okay, so this requires a look at the record to figure out the ISP, a connection to the ISP, a lookup to see if their name servers are authoritative over that domain, and then an RDNS lookup. This becomes expensive to do for every message.
Ummm. Isn't this basically what happens with every message already anyways?
If you don't want to be eaten, stop acting like food
     
Mac Elite
Join Date: May 2001
Location: Up north
Status: Offline
Jul 17, 2008, 04:00 PM
 
Originally Posted by besson3c View Post
Leopard Server simply provides GUIs to Cyrus IMAP and Postfix, last I checked. There is nothing magical about what Leopard Server does, in comparison to other Unix-based email servers. If you are having problems, it is either with the limits of what Leopard's GUIs allow (in which case you could just bypass them and hope that your manual changes are honored by the GUI), or with Cyrus or Postfix themselves, which are not Leopard-specific issues.
I have just been a little disappointed with Leopard Server. It was a rough migration for us from 10.4. Everything from OD corruption and corrupted IMAP databases to broken Kerberos. Otherwise, the new features are pretty neat. Out of the box, the junk mail filtering is pretty good too.

I know these are not Apple technologies, but Apple is still providing the wrappers for them, and the default configurations.

At the moment, Server Admin isn't showing any of the user accounts (quota), or the mail queue. It's easy to do from the terminal, but it's still annoying.
     
 
All times are GMT -5.