denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_maintenance2016-04-15 07:11 pm

(no subject)

People getting mail at Gmail are reporting email delays of about an hour. As far as I can figure out, it's because some of our recent changes to our network have wiped out our existing sending reputation with them and made us start building reputation again, and they're refusing all mail on first delivery and making us re-send it. (It's a common spam reduction technique, because spammers don't bother retrying if the first attempt fails.)

There isn't much we can do about it but wait it out until Gmail decides that we're legit senders again, but we'll poke at it and see if there's anything we can do to make the process go faster. (I doubt there will be, though; Gmail is persnickety.) In the meantime, to get comment notification email faster, you can switch your confirmed email to a different provider, or just refresh your on-DW inbox.

EDIT: And people are now letting me know that mail's delayed to other providers, too, which is probably follow-on effects from having to send everything to Gmail at least twice. There isn't a lot we can do about it; I'm sorry about the hassle, folks.
marahmarie: my initials (MM) (Default)

Re: Oh, wow

[personal profile] marahmarie 2016-04-20 03:37 am (UTC)(link)
Yeah. The email delays we're seeing are not fun, though. I checked how long last night as Azz and I were bouncing back and forth on this page and the delays were so long I was only able to see their replies when a) I couldn't edit my comment about whitelisting (as it had already been replied to) or b) I refreshed the page. So at the least 2-3 hours (I gave up trying to see how long it took to hit my Inbox after that).

On the face of it, email is pretty much a whitelist by default, as Denise says, so right now we deal with the problems that so easily causes by blacklisting (or otherwise kind of torturing) suspect senders. Spammers expect to be blacklisted so probably know enough to realize they need space at multiple servers/locations. I'm sure the more proficient among them just plan accordingly.

So blacklisting is not an incentive to not spam; it's an incentive to own more IP blocks/domain names/servers. Unless spammers run their own servers or use botnets (which I'm sure they do in addition to merely spamming from, say, their own publicly available websites) the only people incentivized to support blacklists are the ones selling spammers server space and domain names. Because spammers need a lot of both.

I'm thinking since email is basically whitelist by default and since blacklists can often be - I hate them, quite frankly I think they're bullshit - inaccurate, to say the least, not to say far from complete by the very nature of how spammers work tirelessly to circumvent them, that working more with the whitelist idea might be better in the long run.

Incentivize that; make it so everyone who sends email realizes they get priority treatment if they behave, but simply get vaporized (in the long run) if they don't (but if they do behave badly, then as soon as they correct their behavior send their email sailing right through again; nothing is permanent in this system because it simply reacts to how you behave, and does so as close to real time as technology will allow). No more blacklists outside of a record of which senders you vaporize. Automated algorithms pick apart the good from the bad and make the system impossible to game by flagging for enough signals to ensure the sender is legit.

If a legit sender such as Dreamwidth changes, say, a MX record and that throws a red flag then until it can be dealt with (again, perhaps in combination with the currently non-existent customer service we have so far) then rather than initially slow the email down through forced resends or outright disappearing it right off the bat, the email is linked to the same way a webpage can be.

So in your Inbox? You click a link to open the email and all you get is another link; when you hover that you basically have to sign a clickwrap agreement saying you realize the mail in question might destroy your computer, your life and steal you or your neighbor's firstborn and everyone's dog before you can even download it. Even then, images and links within the suspect email stay blocked with more warnings you have to agree to before you can open them.

This might solve some of the server space problems with storing spam Denise mentioned, as nothing suspect is shown to the user except the email title - not without extensive warning to the user on every suspect email and a very explicit agreement being clicked upon that the user does in fact understand things could go really, really bad. If the user doesn't try to open such emails within, say, two weeks, they're flushed from the server because reaching people's eyeballs through their inboxes is a privilege, not a right.

Besides that, just incentivize good behavior to make people want to remain on a whitelist and maybe force at least some of the less determined spammers to clean up their acts, so say, in return for good behavior, prioritize all their email delivery; over time as trust is built give them little Safe Sender icons like you see in Outlook for - I think it's eBay and Microsoft's own mail - to show the user whom to trust; offer reasonable paid subscription services that provide instant access to email tech support to - why aren't things like this done now?

I'm not sure why email seems to lack salespeople with some positive spin on things but it needs a way to unite the backend work of delivering safe email with the front end work of encouraging people to want to do exactly that. I can't be the first or the 10 millionth person to think so and most of my ideas are probably not original, it's just a remix of some I've seen and had over time.

Again, this is all a bit pie in the sky on my part and there are probably many reasons why what I'm suggesting can't work as one cohesive, completely secure program, but that's where I realize more minds on the same problem have either already discovered it can't be done or maybe just haven't iterated or reiterated it enough yet.
Edited (more info) 2016-04-20 03:44 (UTC)