I've sent two different messages - in different days.
I haven't got a reply for neither, but both eventually showed up in my log - with defined exclusive senders (the addresses contained "+"s).
It's rather annoying to have my log filled up by what turned out as useless addresses - at least for me.
Now, I know your philosophy would state that someone DID get my messages and so my Spamgourmet addresses were "exposed" to the world for eternity. Therefore, these addresses must never be deleted.
However, it hasn't happened to me before with un-replied messages.
I have no spam rules in my e-mail and I usually get all my messages. Of course, there's also the chance that Spamgourmet somehow got the messages, but didn't forward them to me...
I must also point out I used the "create a reply address" facility for them (as new addresses), but I don't see how that's related, unless it's smart enough to notice my "+" and therefore take what I put in the "To" field (in the form) and simulate as if a reply came from that address.
Of course, I haven't checked my log instantly, so I can't tell whether the new addresses showed up instantly (which would increase the chance that the "create a reply address" is the fault) or only after a while (which would increase the chance I somehow didn't get the messages, but indeed they were sent).
But if that's true that's a bug, because what if that user were to use a different e-mail address to reply and therefore make that address the exclusive sender?
P.S.
While on the subject of what it takes to "confirm" a Spamgourmet address enough for it to be put in the log, I'd like to ask this:
What if I get back a "delivery failed" message? Does mailer-daemon confirm my address and become my exclusive sender/decrease the address' count?
Thanks!
New addresses show up without any e-mail sent
3 posts
• Page 1 of 1
New addresses show up without any e-mail sent
by lwc » Tue Jun 07, 2005 6:53 pm
Last edited by lwc on Tue Jun 07, 2005 9:20 pm, edited 1 time in total.
- lwc
- Posts: 455
- Joined: Sat Aug 28, 2004 9:09 am
by josh » Tue Jun 07, 2005 7:12 pm
by the log, I'm taking it that you mean your list of disposable addresses, rather than the "eaten message log".
Based on that, I can tell you this:
When you use the facility for creating redirection addresses and "create a new [disposable address]", we *do* immediately create a disposable address record, even though no mail has been sent to the address yet. And, yes, it's smart enough to establish the exclusive sender if it sees a '+' or a '*' in the right place.
We have to create the record, because the record must already be in place when you use the redirection address. The reason for that is our abuse-protection code. You may be familiar witih redirection addresses:
Each disposable address has a "private key", which is a really long gobblygook that's generated when the address is created -- this data is not exposed. When we create the redirection address, we run a hash algorithm that uses the private key, along with the intended recipient address and other info. The result of that algorithm becomes the "hash" part of the redirection address. When the redirection address is used, we perform the algorithm again, with the private key, sender address, and other info and see if it matches what's in the address. If so, we forward the message. If not, we don't. This is to keep spamgourmet users from changing the recipient address that's embedded in a redirection address and using it to send to another recipient. This is intended to keep spamgourmet from acting as an "open relay" to an enterprising user.
Anyway, if the record's not there when a message is sent to the redirection address, there's no private key, no verification, and therefore no forwarding. Hope this makes sense -- it's not easy to describe (and it was less easy to implement)
Based on that, I can tell you this:
When you use the facility for creating redirection addresses and "create a new [disposable address]", we *do* immediately create a disposable address record, even though no mail has been sent to the address yet. And, yes, it's smart enough to establish the exclusive sender if it sees a '+' or a '*' in the right place.
We have to create the record, because the record must already be in place when you use the redirection address. The reason for that is our abuse-protection code. You may be familiar witih redirection addresses:
- Code: Select all
+word+username.hash.sender#domain@spamgourmet.com
Each disposable address has a "private key", which is a really long gobblygook that's generated when the address is created -- this data is not exposed. When we create the redirection address, we run a hash algorithm that uses the private key, along with the intended recipient address and other info. The result of that algorithm becomes the "hash" part of the redirection address. When the redirection address is used, we perform the algorithm again, with the private key, sender address, and other info and see if it matches what's in the address. If so, we forward the message. If not, we don't. This is to keep spamgourmet users from changing the recipient address that's embedded in a redirection address and using it to send to another recipient. This is intended to keep spamgourmet from acting as an "open relay" to an enterprising user.
Anyway, if the record's not there when a message is sent to the redirection address, there's no private key, no verification, and therefore no forwarding. Hope this makes sense -- it's not easy to describe (and it was less easy to implement)
- josh
- Posts: 1371
- Joined: Fri Aug 29, 2003 2:28 pm
by lwc » Tue Jun 07, 2005 9:17 pm
Well, I'm glad I remembered to mention the "create a reply address" form part...
And I'll never use it for new addresses from now on.
Still, it raises two questions:
1) What if I didn't provide a +/* - would it still artificially create a new disposable address? And if so, would it decrease its count?
2) What if I did yet the user replied via another address? Will it get eaten because the form already set the exclusive sender to something else?
And what if I get back a "delivery failed" message (in both cases)?
Thanks!
And I'll never use it for new addresses from now on.
Still, it raises two questions:
1) What if I didn't provide a +/* - would it still artificially create a new disposable address? And if so, would it decrease its count?
2) What if I did yet the user replied via another address? Will it get eaten because the form already set the exclusive sender to something else?
And what if I get back a "delivery failed" message (in both cases)?
Thanks!
- lwc
- Posts: 455
- Joined: Sat Aug 28, 2004 9:09 am
3 posts
• Page 1 of 1
Return to Support / Hilfe / ayuda / ondersteuning / ...
Who is online
Users browsing this forum: No registered users and 93 guests