Open fosterfarrell9 opened 1 year ago
possibly solved through #414
@fosterfarrell9 Has this been fixed by #414?
The procedure for cleaning old users should be as follows:
So far, the UserCleaner relies on certain body messages sent in bounced emails and parses them via regular expressions. This seems very fragile (there is no standard for such body messages, or at least not a standard that is widely adopted). Let's instead try to find an approach that is more robust.
Your SMTP Envelope from address should not be the same as your RFC822 From Header address. Then any SMTP errors will go to the bounce address, but any real emails will go to the From address. Mailing List Managers use VERP to detect problems, by using a different envelope From address for each delivery. ~ StackOverflow
Variable envelope return path (VERP) ~ Wikipedia We should probably use this with custom hashes such that no third-party person could just send an email to us with the recipient of another email in the header in order to delete that user even before the due date.
The only real disadvantage Wikipedia lists for this approach is the following_
Another problem with VERP (and with any automatic bounce handling scheme) is that there are MTAs on the Internet that fail to follow basic SMTP standards. VERP depends on the recipients' MTAs following the rule that bounces are sent to the envelope sender. This has been a standard requirement since the dawn of SMTP in 1982 (see RFC 821), but still there are MTAs that get it wrong, usually by bouncing to the address in the From: header.
I feel like we don't have to deal with yet another annoying case like this one. If the mail bounces AND the email server does not adhere to the SMPT standard, then I think it's not our fault and nobody can complain we didn't handle that case. We tried our best. It's goodwill from our side that we even consider resending the bounced mail again after 1 day, e.g. when the mail quota of the recipient is reached or when a mail server is down for some reason. We even send 3 mails in total before deleting the user enitrely.
The UserCleaner worker which is run periodically to autodetect users who have mail adresses that are no longer valid does not detect many of the bounces.