This is a bit of a braindump, under the assumption there isn’t a “this already works if you click this checkbox” solution out there.
I’m experimenting with Discourse and its Mailing List Mode (which are both pretty great!), and I was thinking about some minor improvements with email backscatter.
I’m using the mail-receiver Docker container that Discourse offers, not POP3 polling. What I’m going to describe here only applies to handling one’s own incoming SMTP traffic.
The gist is this: Discourse is smart enough to reject incoming mail if the user isn’t allowed to post somewhere, or if the user wrote to a bogus email address. It sends a polite bounce email, but this has unintended consequences:
- Spammers hitting the mail server will generate bounces, either for bogus addresses or real people that didn’t actually try to interact with Discourse, so you can get a flurry of backscatter, which is bad.
- Legit email from legit users that made legit mistakes will get a legit bounce, and GMail will quietly put it in the user’s spam folder (at least, it did for me).
A better solution would be to reject mail during the SMTP transaction, when reasonable to do so. Making that work will:
- Reduce unnecessary email bounce traffic due to joe-job spammers, etc.
- Prevent risk of damage to a domain’s spam reputation.
- Give users a more visible and immediate notice that something went wrong (email providers will tend to put a THIS DIDN’T SEND email in the user’s inbox).
Even if we just use the mail-receiver Docker container that Discourse offers, this still needs some support from the Discourse instance to make this happen. I couldn’t find any API to do this, but it would be useful if we could query with the system API key for something like this:
- Can email@example.com send mail to firstname.lastname@example.org?
And this returns a boolean (yes or no on whether mail is acceptable) and maybe a simple string of why ("email@example.com isn’t a valid reply-to-thread slug, firstname.lastname@example.org isn’t a create-new-topic address, email@example.com isn’t allowed to post here, etc. It could even just be the existing “Email::Receiver::StrangersNotAllowedError” style error strings).
This could be more fine-grained (“is firstname.lastname@example.org a valid user?” “is email@example.com an available email target?”), but ultimately we want an API that says “should I drop this email right now or send it through to the system?” …it doesn’t have to, and probably shouldn’t, deal with rejections for things that need further processing (email is too short rejections, etc). We really just need to catch the obvious spam and malware vectors here.
Then that API call can be hooked up to /usr/local/bin/receive-mail in the mail-receiver Docker container, which can optionally return a permanent fail to the SMTP client instead of sending the email content to Discourse at all.
Does this sound like a reasonable approach? Does something like this exist already?