Autoresponders in the modern email world

May 16, 2009

Given modern email, one may sensibly ask what role various sorts of autoresponders and other 'do things by email' systems have. The simple answer is that they have no role; they cannot send email to people who have not asked for it, and pragmatically, most of the email that they get will have forged sender information and be invalid.

Well, sort of, because the statement of the limitations also shows how you can get around them. There are two general approaches.

First, you can simply make your system never send email. Everything that it would previously have sent email for must be checked and handled at SMTP time and produce SMTP rejections, so instead of an email to tell you that your bug report wasn't formatted right, you get an SMTP rejection to that effect. This obviously only works for 'do things by email' systems that don't need to email people as a routine matter.

The second is that if you can only send email to people who have specifically asked for it, you simply need to have your system only accept email from people who have registered their email addresses with you. Since you can't send bounces, you have to do this check at SMTP time and refuse messages that don't pass it.

(This may still give the malicious a way to harass your users, but at a minimum it ensures that you are not sending backscatter to random forged addresses. It follows that you should allow your users to opt out of this, so that if the malicious do start trying to harass them through this they can easily cut the email off.)

These two approaches can of course be combined; you might send friendly error messages by email only to registered users and do SMTP-time rejection for everyone else, for example.

(It is worth mentioning one bad combination explicitly: no matter how tempting it seems, you cannot send email to an email address just because it has submitted a validly formatted request.)
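The combined policy above can be written as a single SMTP-time decision function. This is an added illustration, not code from the original post; the registered and opted-out sets, the `Component:` request format, the reply texts and the case-insensitive address match are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: addresses that registered, and those that opted out.
REGISTERED = {"alice@example.org", "bob@example.org"}
OPTED_OUT = {"bob@example.org"}

@dataclass(frozen=True)
class Verdict:
    code: int                # SMTP reply code returned at the end of DATA
    text: str                # reason text the sending MTA will see
    email_to: Optional[str]  # the only address we may email; None = send nothing

def request_error(body: str) -> Optional[str]:
    """Hypothetical request format: one line must start with 'Component:'."""
    if any(line.startswith("Component:") for line in body.splitlines()):
        return None
    return "request has no 'Component:' line"

def smtp_time_verdict(mail_from: str, body: str) -> Verdict:
    """Decide the SMTP reply and whether any email may be generated."""
    # Assumption: addresses are compared case-insensitively.
    sender = mail_from.strip().strip("<>").lower()
    if sender not in REGISTERED:
        # Never accept-then-bounce: a forged sender would receive backscatter.
        # This holds even when the request itself is validly formatted.
        return Verdict(550, "5.7.1 sender address is not registered", None)
    may_email = sender not in OPTED_OUT
    error = request_error(body)
    if error and not may_email:
        # Opted-out users are still told, but only in the SMTP dialogue.
        return Verdict(550, "5.6.0 " + error, None)
    if error:
        # Registered and not opted out: accept, send the friendly error by email.
        return Verdict(250, "2.0.0 accepted; error report will be emailed", sender)
    return Verdict(250, "2.0.0 accepted", sender if may_email else None)
```

The envelope sender can still be forged as a registered address, which is why the opt-out path never generates email.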

These are pretty strong rules, but I feel that they're what's necessary in a modern email environment.

Written on 16 May 2009.

Last modified: Sat May 16 01:30:51 2009