How to deal with mailing lists?

memreflect said:
Neither ProtonMail nor Tutanota offers native IMAP or POP3; end-to-end encryption makes it impossible to do so.
Click to expand...

Why would E2E encryption do that? I am not sure if i understand you correctly but i'd argue that it's actually quite hard to do E2E encryption without IMAP/POP3. Without it you would have to rely on the provider encrypting your data (unless you want to copy/paste some already encrypted data of course) which seems rather scary. Even if it's technically client side (java script) since that script could simply be replaced with a noop at any given time and hardly anyone would notice since who actually checks all the java script on a website every time they write an email?

Encryption should be done client side by using some actual email client. Yes, that sadly leaves the meta data which can be logged on the open internet if the email gets send to a user on a different server (which is only avoidable if there is a secure SMTPS setup on both sides which is quite hard/unlikely - the method of email encryption has no effect on this). If the mail does not travel the internet it's only the provider itself who could log it. That scenario seems way better to me than potentially logging the full text. All of that could be done with any semi serious email client over POP3/IMAP or is an application like ProtonMail Bridge (which even seems to be closed source?) somehow more secure than GPG?
 
I think the issue here is.. what are you trying to do?

in general filtering mail on an MUA (mail user agent such as outlook) is a terrible idea filtering should be done at the firewall level (for advanced users) and or by an upstream MTA (mail transfer agent, postfix/sendmail)

delevering mail to a mail box and then filtering is a terrible idea at best as there are many ways a spammer can verify delevery of mail .. once thats done your email can then be re-sold as active/delveriable..

as for TLS mail sending.. I would really watch the wording on that.. just becasue they claim "end to end encryption" only says they "require" TLS .. this ONLY ensures the transport of mail is encrypted.. NOT the content.

If you want true end to end encruption this is generally done by scraping the entire email to a container file (ie an encrypted pdf) and then transfering that as an attachment to the destination. This ensures both the transport and content are encrypted.
 
zader said:
as there are many ways a spammer can verify delevery of mail ..
Click to expand...

I can't think of anything besides sending html with an external image that logs accesses. This is not going to work as long as your client won't render html (or is at least smart enough to not fetch external resources). I think there is also a header for requesting delivery notification but which somewhat privacy respecting client would turn on something like this by default? Beyond that i wouldn't know how to test delivery. Am i overlooking something here?
 
Im not going to post how to do it.. but you can refer to Email standards RFC 5322 3.6.7 Trace Fields is once very low tech way to do it .. depending on the MUA it may answer without a user ever knowing.

There are other more advanced methods as well. Some of wich may .. as you said use html/phishing methods .. again tho.. not interested in posting methods that would make a spammer smarter..
 
However..

here are some methods you could do to make a spammers life a terrible living hell on earth ...

Use a PF based firewall .. ( I prefer OpenBSD)

create some scripts to wget some/most/all of the black lists from the vaious sources like spamhaus..
sed/awk out the list into a list of just ips..

in your pf.conf .. create a black list table.
populate the table with the above list of deduped list of ips..
create AltQ rules to limit bandwidth from that table to 1 char per second...

This will allow a black listed IP to connect downstream to postfix .. only to be dropped... thus insted of taking 10ms to deliver an email it will take several minutes to get dropped :)

most people dont understand spammers ... spam is a business.. and its 100% based on mail delevery per hr ..

when it suddenly takes several mins per email to spam you.. they will go out of their way to avoid mailing to you..

tarpitting holds a special spot in my heart for spammers .. :)
 
zader said:
Im not going to post how to do it.. but you can refer to Email standards RFC 5322 3.6.7 Trace Fields is once very low tech way to do it .. depending on the MUA it may answer without a user ever knowing.
Click to expand...

Most of the time the sender already knows that the target account exists when the server accepts the recipient and the real interesting question would be if the mail was actually read. In general acting on something like this rather seems like a mail server in the 90s might have done. If i was a spammer and found a server where this worked i'd have a way better idea: Just send a ton of mails that are going to get blocked and put my real target in the return path. The thought of the server notifying the sender that his spam was blocked just because he said so is amusing though.

zader said:
There are other more advanced methods as well. Some of wich may .. as you said use html/phishing methods .. again tho.. not interested in posting methods that would make a spammer smarter..
Click to expand...

Boring.
 
I have real trouble using tutanota to receive verification emails from services. The latest is topicbox. I think I would back selling my data to them. I will back using hotmail.
 
gh_legacy said:
I have real trouble using tutanota to receive verification emails from services.
Click to expand...
From Tutanota website:
  1. Tutanota, sometimes you need to wait 48 hours until this address is being approved.
  2. This is necessary to prevent abuse by spammers and still offer an anonymous email registration.
tutanota.com

What should I do if registering with a Tutanota email address at an online service fails? | Tuta

Troubleshooting: There are several options to resolve problems with online registrations.
tutanota.com tutanota.com
 
Change the subscription options to digest. This way, there will be 1 email a day, whenever anything is posted to the mailing list.

Unsubscribe or edit options are on the mailing list page. When signing up, the option to receive daily digests is there too.
 
You must log in or register to reply here.
Back
Top