Re: more on starttls, gnutls-cli and using tls for mail

[Tim Cross]

On Thu, Aug 18, 2011 at 12:28 AM, Karl Fogel <address@hidden> wrote:
> Tim Cross <address@hidden> writes:
>>OK, thanks Jijay. So, it would seem the use case is possibly something
>>specific google has done to detect possible abuse of an email account.
>>I've not run into this myself, but at least this gives one possible
>>data point on why this additional complexity may be required.
>
> There's another issue too:
>
> Although "smtp.gmail.com" is the One True Server for sending mails
> through Google [1], the account you log in with there could be a regular
> Google/Gmail account (call this type "A") or it could be a Google Apps
> For Your Domain (type "B") account.
>
> These are rather different beasts.  While you could set up your "A"
> account such that it's able to send mail with a From address that is
> really of type "B", I had some experiences -- clean reproduction recipes
> are hard to create, unfortunately -- that indicated there could be authn
> problems or being-blocked-as-spam problems if I sent from type "A"
> repeatedly with a From address of type "B".  But these problems go away
> if I authenticate to smtp.gmail.com as user "B" whenever sending mail
> with an address of type "B".
>
> Again, in practice it's impossible to get definitive answers to what the
> rules are.  Running experiments is very time consuming, it's hard to
> isolate variables, and Google doesn't have the staff to answer in-depth
> technical questions (though random members of the public sometimes do --
> see [2]).
>
> Essentially, running one's own email server has become too hard
> nowadays, but if one uses an email server hosted by an organization
> large enough to deal competently with the running an email server in the
> modern era, then by definition that organization will be too large to
> answer individual questions.  The problem is systemic; I'm not blaming
> Google -- I'm glad they offer the smtp.gmail.com service.
>
> So I have to get Emacs to switch sender authn creds on an email-by-email
> basis.  Recent smtpmail.el changes have made this harder, not easier.
>
> -Karl
>
> [1] The reason I send mail through Google is because if I use my own
>    server, it can be difficult to avoid the server being blacklisted
>    even when that server is not the origin of any spam.  See
>    http://www.rants.org/2010/05/26/email-blacklisting-considered-harmful/
>
> [2] http://www.google.com/support/forum/p/gmail/thread?tid=45781946ea84651e
>

Thanks Karl. It seems there are use cases for using different
authenticated users based on the from/reply address being used.
However, it should be noted that this is not due to any requirement or
limitation of smtp - this is because of addtional requirements imposed
by providers, such as google's gmail, which adds additional
restrictions that are not standard smtp behavior.

Tim