[HN Gopher] Email Explained from First Principles
___________________________________________________________________
Email Explained from First Principles
Author : thunderbong
Score : 80 points
Date : 2021-05-08 12:39 UTC (10 hours ago)
(HTM) web link (explained-from-first-principles.com)
(TXT) w3m dump (explained-from-first-principles.com)
| PaulDavisThe1st wrote:
| But can it explain how a financial institution can reliably send
| me a 2FA passcode in a few seconds via email, but a message from
| wife in the other room can take a couple of hours to arrive?
| jbrot wrote:
| Presumably because the financial institution sends the email
| directly to your email provider via SMTP while your wife sends
| the email to her email provider via a mail client protocol like
| POP3 or IMAP, and then her email provider forwards the email on
| to your email provider via SMTP at its leisure
| gumby wrote:
| Does anyone actually implement the BURL extension to IMAP? I
| think pretty much all mail clients just use SMTP for
| submission.
| PaulDavisThe1st wrote:
| Not a bad guess, except that gmail is the email provider for
| both my wife and myself.
| that_guy_iain wrote:
| Gmail doesn't send instantly. This is why they could add
| the undo feature for sending emails.
| upofadown wrote:
| Then the answer might be that the bank does not use Gmail.
| It is after all known to be not that great.
| alexpotato wrote:
| Back in the early 2000's I worked for a company that was the lead
| firm doing analysis of email spammers for later targeting by the
| law firms of the big free email providers.
|
| The phrase "be liberal in what you accept, and conservative in
| what you send" certainly applied to SMTP which led to all kinds
| of craziness in spam.
|
| For example:
|
| - Emails with multiple "From" fields in the headers
|
| - Totally bogus relay chain data
|
| - all kinds of other garbage in random fields
|
| - sender IPs that were faked etc
|
| This was also around the time that spammers were switching to
| using bas64 MIME encoded images to get around text filters.
|
| The company I worked for actually got pretty good at analysing
| the spam thanks to a combination of a IMDB style web based
| browser for the spam I put together and good old fashioned "leg
| work" to track the owner of URLs, merchant accounts etc. That in
| turn led to some of the spammers actually shutting down.
|
| More details here:
| https://twitter.com/alexpotato/status/1208948480867127296
| romanixromanix wrote:
| >> Emails with multiple "From" fields in the headers
|
| Do you think this is still possible?
| gumby wrote:
| Sure better be, for the sake of backwards compatibility.
|
| This isn't a problem for mail transport as the recipient is
| specified in the envelope and the message itself is not
| examined.
|
| What a client should do in such a case is unclear. I suspect
| that they all use the first one encountered and ignore the
| rest.
| secabeen wrote:
| Multiple From: fields are allowed by
| https://tools.ietf.org/html/rfc5322#section-3.6.2 as long as
| a Sender: is also included.
| walrus01 wrote:
| > - Totally bogus relay chain data
|
| - all kinds of other garbage in random fields
|
| - sender IPs that were faked etc
|
| Anyone interested in looking at all the possible permutations
| of spam, can view the spamassassin rule sets which are quite
| comprehensive by now. Spamassassin has been around for close to
| 20 years.
| nefitty wrote:
| I love this. I noticed there's also an article in the same style
| explaining the internet. Looks like I have my reading material
| while I wait for my vaccine today!
| senorsmile wrote:
| Link?
| teddyh wrote:
| https://explained-from-first-principles.com/internet/
| kubanczyk wrote:
| Oh, look mommy, networking explained without mentioning OSI
| model! Good stuff.
| nefitty wrote:
| Sorry, not sure if you're being sincere or not!
| oblib wrote:
| Great timing for me. I've spent the past week setting up a new
| "Mail-in-a-Box" email server after procrastinating past the point
| of upgrading my old one.
|
| I'd much rather not run my own email server but after 20 years of
| developing web apps that need to send emails I've concluded the
| only thing worse than having to build and manage my own is using
| 3rd parties to handle email.
|
| That said, the latest MAIB is pretty sweet and it's a bit easier
| to get de-blacklisted now than it was 5-10 years ago, but it's
| still a pita.
| sbayeta wrote:
| What VPS provider are you using? I set up MiaB on Digitalocean
| a few weeks ago only to find out they won't open port 25.
| crispyporkbites wrote:
| Why is using 3rd party email providers to send email so
| painful?
| happytoexplain wrote:
| I don't know why, but the fact this isn't in the format of a blog
| makes me wary. It gives me "aggregator" vibes. However, it sure
| seems like a ton of dedication went into this writeup. I'd love
| to hear from somebody with domain knowledge who has read some of
| it if it seems good (i.e. factual/complete and well explained,
| subjectively).
|
| Edit: Oh, it _is_ a blog. Something about it made me assume it
| was like a WikiHow.
| donpdonp wrote:
| This is like the Encyclopedia Britannica entry for 'email'. I
| wouldn't call it "from first principles", I'd call it "a survey
| of everything related to email and email delivery" (propane and
| propane accessories).
| jeffbee wrote:
| This article is sort of a mess and I find it difficult to imagine
| anyone could learn about email from reading it. Too often it
| starts with something misleading and only clarifies later. For
| example, at first is says that recipients are given by headers in
| the message, but of course this is not the case. Recipients are
| part of the envelope. Envelope recipients are sometimes derived
| from the message, but sometimes not. I think it would be better
| to explain the SMTP envelope recipients first, which would lay
| the groundwork to explain that sometimes the recipients might be
| derived from RFC-822 header fields created by an MUA. But it's
| important to understand this might not always be true (there
| might not have been an MUA involved, or a webmail system with
| integrated mailer, like Gmail, might not need to put blind
| recipients in the message).
| oblib wrote:
| Well I can still probably learn a lot from it.
|
| Truth is if you're an app maker it's a pretty deep dive into
| just setting up an email server and getting them de-
| blacklisted. It's easier than it was 10 years ago but it's
| still not really "simple" or "easy".
|
| MAIB is the best I've found for my purposes and much better for
| those than the other options they mention on their website or
| anything else I could find.
|
| If you've found flaws in it you might reach out to the author
| and point them out. If it were me I'd appreciate that and make
| edits and give credits in the footnotes to those who took the
| time to help me.
___________________________________________________________________
(page generated 2021-05-08 23:01 UTC)