New feature: Whitelisting!

This is a general forum about all topics, i.e. TrashMail.net, spam mails, email protection, privacy and other things.

Admin
Site Admin
Posts: 1353
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: New feature: Whitelisting!

Post by Admin » 26 Jun 2007, 20:21

Z wrote:One more thing. When I'm using whitelisting... Following information is missing from first message that comes trough:

Btw. Key stuff is working perfectly.

X-TrashMail-Forwards: 10000 of 10000 left
X-TrashMail-Expire_Date: 23 December 2007 - 07:53:17
X-TrashMail-Modify_Link: XXX

I don't know how you implemented whitelisting queue. But when messages are released from queue, those should go trough "normal" process. Add those headers, set from field etc...

- Thanks
I fixed this problem.
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Z
Posts: 189
Joined: 16 Jun 2006, 10:28
Contact:

Re: New feature: Whitelisting!

Post by Z » 26 Jun 2007, 20:27

Thanks!

Admin
Site Admin
Posts: 1353
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: New feature: Whitelisting!

Post by Admin » 26 Jun 2007, 20:29

Z wrote:Thanks!
Reply addresses are now also created (I just added this too).
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Admin
Site Admin
Posts: 1353
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: New feature: Whitelisting!

Post by Admin » 26 Jun 2007, 20:43

Z wrote:I guess some of this stuff is general, some should be in bugs section and some other stuff in to do area. So, I'll simply put it here, with the announcment about these new features.

1. Confirmation message layout

Acception confirmation information should be in BEGINNING of message, not at the end.
If email is long, then it's very unclear to (busy) user what happened. Suggested form:
*Trashmail stuff here*

-- Sent message follows --

* Original sent message *
2. Feedback messages

IMHO! I wouldnt sent out those confirmation messages. I mean accepted or deleted at all. There is simply no point of doing that. And in some cases it might actually create a problem. If messages is ignored (expire or delete), then it is. If it's confirmed by recepient or send then it is. No need to send crap.

3. Reply masking

It seems that reply masking is broken when using whitelisting. So if I reply to message that came trough whitelisting then I can't reply to it using my trashmail.net address (using reply masking).

4. Confirmtion by email

I know lot of users that have access to email, but they don't have access to web. Due corporate restrictions or other reasons. Like using simple PDA email. If there could be some way to confirm messages using email only? I could suggest several methods, but I guess it's out of scope for this comment list.

5. Possible loop problem

I tried if you have a looping problem. Confirm, confirmation message by confirming confirmation message. You dont seem to be having this problem. I was already laughing that I'll crash the system. I have seen too many times "moronic" problems. But I'm very happy that you didnt have this problem. ;)

6. Manage mail queue

Doesnt work now for some reason:
Internal error: Invalid trashmail username format in trashmail_getuid(...) call. Please contact the system administrator.


Btw. It did work in the morning with Firefox, it might be URL or server related. Didnt have time to check it completely out.

Url: https://ssl.trashmail.net/?login=1&auth ... _mailqueue

I might know the reason. I ignore all non-session cookies. Do you use those? I changed some settings, no help. So I guess its not about this, there is some another reason. I think it's funny that login is 1 and auth is 1. I'll try to enter key information to url and see what happens. Nope, didnt help either.

Managing WL mail queue and addresses work for another account and wont work for another. So it doesn't have anything to do with web browser.

Afaik whitelisting works now very well.

7. Disable confirmation

Seems to be working as I expected. But in this case, should we create bounce or not? It seems that no bounce is being generated. My opinion is that in this special case there should be bounce message. So sender knows that message was rejected. So they can try another way contacting recipient.

Update: Bounce was generated, I didn't receive it in time due slow email systems.

8. Whitelist when sending

This should work, it's important. When I send email, rules allowing reply to be sent back without confirmation is important. Every message confirmation is exception. But this can create dead lock kind of situation like loop. Both are waiting for confirmation which is waiting for confirmation.

9. Confirmation message from address

That's though question too. I think it should be the recipient address instead of [email protected]. Think about that deadlock situation. And think about general email "street wise rules". I'll get email from some robot that asks me to confirm my email. Afaik, it would be much nicer to get it from the address that I sent my email to. Because then it would be immediately clear that it's about my email. Not about "confirming my email" for "some reason". Or do you now automaticly process any bounces to robot address? Fixing issue 1. might solve this. I guess you'll user robot address to prevent looping?

10. Black listing?
If there are problems, there might be requirement to add blacklisting which prevents from whitelisting. I guess there might be abuse cases where some user (sender) whitelists all messages even confirmation for every message is required. Then black listing would help.

End of summary

These are my first impressions, comments and thoughts.

You said...
I tried to eliminate a maximum of bugs! :-)
- That's very nice... ;)

I think this is good discussion opening... Lets hear other comments!
Here is my resume about your points:
1. Fixed.
2. Will for the moment stay, because user needs for the moment to know if he still needs to confirm the email that he would not worry about strange error on the site, because the site would not display for the moment an extra message that the messages has been already confirmed.
3. Fixed.
4. Added in the Todo list
5. Fixed: I found out a loop problem when forwarding from my local email account emails to my trashmail account by using TrashMail by accepting emails only with the X-TrashMail-Key field. Now request for confirmation emails are only sent once per sender email address in the queue.
6. Fixed: Accounts with digits in their names are now accepted.
7. Nothing to do: TrashMail responds immediately if emails are not accepted. Unfortunately other email server in the Internet are some times slow.
8. Added in the ToDo list
9. Emails to the robot are ignored by the systems (so they are lost). This is to prevent infinite loops and eliminate directly the need to handle the X-Loop field for lazy reasons to handle this. However its more beautiful with the real address. I have added this in the Todo list.
10. Hmm how do you protect by the user who change their From header? In this case I suppose it should also be possible to black list special message content and IP address?
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Z
Posts: 189
Joined: 16 Jun 2006, 10:28
Contact:

Re: New feature: Whitelisting!

Post by Z » 27 Jun 2007, 06:08

Admin wrote:10. Hmm how do you protect by the user who change their From header? In this case I suppose it should also be possible to black list special message content and IP address?
Yep. As I mentioned, it's big hard to do. It was just an idea. But as you mention, it's kind of pointless. If sender is going trough effort of confirming every message he got plenty of other means to get around any blocking. One of easiest for average joe is to use several free webmail addresses etc.

Admin
Site Admin
Posts: 1353
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: New feature: Whitelisting!

Post by Admin » 27 Jun 2007, 07:14

Z wrote:
Admin wrote:10. Hmm how do you protect by the user who change their From header? In this case I suppose it should also be possible to black list special message content and IP address?
Yep. As I mentioned, it's big hard to do. It was just an idea. But as you mention, it's kind of pointless. If sender is going trough effort of confirming every message he got plenty of other means to get around any blocking. One of easiest for average joe is to use several free webmail addresses etc.
Ok I added blacklisting in the ToDo list:
https://ssl.trashmail.net/forum/viewtopic.php?t=139

Now I suggest to implement as first the possibility to customize the X-TrashMail-Key field on the account settings page. Then we would be able to use any kind of domain name with whitelisting.
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Z
Posts: 189
Joined: 16 Jun 2006, 10:28
Contact:

Re: New feature: Whitelisting!

Post by Z » 27 Jun 2007, 15:36

AFAIK black listing is actually quite useless, when I tought it bit more. As you mentioned. There is always way to get around it. It's then better to use static whitelisting so users cant add addresses to list.

My opinion is that it is much more important that message seems to be coming from the recipient instead of [email protected]... When you think about those deadlock situations.
Last edited by Z on 28 Jun 2007, 06:57, edited 1 time in total.

Admin
Site Admin
Posts: 1353
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: New feature: Whitelisting!

Post by Admin » 27 Jun 2007, 17:12

Z wrote:AFAIK black listing is actually quite useless, when I tought it bit more. As you mentioned. There is always way to get around it. It's then better to use statick whitelisting so users cant add addresses to list.

My opinion is that it is much more important that message seems to be coming from the recipient instead of [email protected]... When you think about those deadlock situations.
I will check that, it would take a little time to implement this.
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

steve2017bus
Posts: 2
Joined: 12 Jul 2014, 09:13
Contact:

Re: New feature: Whitelisting!

Post by steve2017bus » 12 Jul 2014, 09:38

Excuse me - but I must be an idiot. I don't really understand what all this whitelisting drama is about. If you know which site is sending you spam, (via the assigned url for that trashmail address or the group/individual you've given it to), why not just delete that address and break contact ? You've got virtually unlimited addresses to play with. I don't use whitelist confirmation at all. This service isn't supposed to be a NORMAL email provider.

Saxtus
Posts: 95
Joined: 05 Oct 2009, 06:13
Location: Athens, Greece
Contact:

Re: New feature: Whitelisting!

Post by Saxtus » 12 Jul 2014, 11:46

steve2017bus wrote:Excuse me - but I must be an idiot. I don't really understand what all this whitelisting drama is about. If you know which site is sending you spam, (via the assigned url for that trashmail address or the group/individual you've given it to), why not just delete that address and break contact ? You've got virtually unlimited addresses to play with. I don't use whitelist confirmation at all. This service isn't supposed to be a NORMAL email provider.
Sometimes when you give an address to someone, s/he pass it up to other contacts that YOU WANT to have your address.
Deleting the address means that you wave to notify every one of them.

Admin
Site Admin
Posts: 1353
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: New feature: Whitelisting!

Post by Admin » 22 Jul 2014, 21:26

steve2017bus wrote:Excuse me - but I must be an idiot. I don't really understand what all this whitelisting drama is about. If you know which site is sending you spam, (via the assigned url for that trashmail address or the group/individual you've given it to), why not just delete that address and break contact ? You've got virtually unlimited addresses to play with. I don't use whitelist confirmation at all. This service isn't supposed to be a NORMAL email provider.
It depends, in my case I have a complex setup which looks like so:
Real email address forwards ALL to one single TrashMail address which has the challenge response system enabled, then forwards back to my real email address.

Incoming email -> my real email address -> TrashMail.com Address with Challenge-Response System (CAPTCHA enabled) -> my real email address (I detect here with the X-TrashMail-Key field that the mail passed successfully the CAPTCHA code)

So once your normal real email address is already "contaminated" with spam, you can use TrashMail's CAPTCHA challenge response system to protect you against all non-human written emails.
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest