Open briantopping opened 9 years ago
Thanks Brian, you're right, I haven't had much time to configure our forwarding system. I hope to get to it soon. Do you want me to disable forwarding for you in the meantime? Regards, Max
Hey Max, no worries! No need to disable, just wanted to get it in the queue.
Hope you're having fun and things are going well!
I knew I couldn't be the only one. At the least setting forwarding on and off should be an option each user can set with a checkbox (possibly with a dropdown menu to select which other UID to forward to).
Personally I'd like to be able to set some minimal rules (I'll open a new ticket as a feature request if you prefer), but I'd like to be able to set it to only forward messages that are signed or encrypted (or both, but it'd only see the encryption). It wouldn't need to be very complex, just checking for messages containing the telltale "-----BEGIN PGP SIGNED MESSAGE-----" or "-----BEGIN PGP ENCRYPTED MESSAGE-----" (make sure it checks "attachments" if PGP/MIME is used) and if there's a match, forward it; if not, dump it to /dev/null. It's even easier than Bayesian filtering because there are only a few possible strings to check for. I've seen spammers adapt to a lot of things, but I've never seen OpenPGP signed spam in more than 2 decades online (I have seen signed trolling, but that's different).
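A minimal version of the filter described in the comment above, written as an added example (not code from the thread or from Keybase): it takes a raw message, treats PGP/MIME (RFC 3156) and inline ASCII armor in any part, attachments included, as "signed or encrypted", and drops everything else. Note that OpenPGP armors encrypted data as `-----BEGIN PGP MESSAGE-----` (RFC 4880), which is the marker used here; the sample messages are constructed and carry placeholders instead of real signatures or ciphertext.

```python
import email
from email import policy
from email.message import EmailMessage

# Inline armor headers to look for (RFC 4880 armor: encrypted data is "PGP MESSAGE").
ARMOR_MARKERS = (b"-----BEGIN PGP SIGNED MESSAGE-----", b"-----BEGIN PGP MESSAGE-----")

def is_pgp_mime(msg: EmailMessage) -> bool:
    """PGP/MIME (RFC 3156): multipart/signed or multipart/encrypted with a pgp protocol."""
    ctype = msg.get_content_type()
    proto = msg.get_param("protocol", "")
    return (ctype == "multipart/signed" and proto == "application/pgp-signature") or (
        ctype == "multipart/encrypted" and proto == "application/pgp-encrypted")

def has_inline_armor(msg: EmailMessage) -> bool:
    """Check every leaf part, attachments included, for an armor header."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # decoded bytes of this part
        if any(marker in payload for marker in ARMOR_MARKERS):
            return True
    return False

def should_forward(raw: bytes) -> bool:
    """Forward only signed or encrypted mail; everything else goes to /dev/null."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return is_pgp_mime(msg) or has_inline_armor(msg)

# Constructed sample messages (placeholders stand in for a real signature/ciphertext).
INLINE_SIGNED = b"\r\n".join([
    b"From: a@example.com", b"Subject: hi", b"Content-Type: text/plain", b"",
    b"-----BEGIN PGP SIGNED MESSAGE-----", b"Hash: SHA256", b"", b"hello",
    b"-----BEGIN PGP SIGNATURE-----", b"(signature placeholder)", b"-----END PGP SIGNATURE-----", b""])
PGP_MIME_ENCRYPTED = b"\r\n".join([
    b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"', b"",
    b"--b1", b"Content-Type: application/pgp-encrypted", b"", b"Version: 1",
    b"--b1", b"Content-Type: application/octet-stream", b"",
    b"-----BEGIN PGP MESSAGE-----", b"(ciphertext placeholder)", b"-----END PGP MESSAGE-----",
    b"--b1--", b""])
PLAIN_SPAM = b"\r\n".join([b"From: x@example.com", b"Subject: cheap pills", b"", b"Buy now", b""])

if __name__ == "__main__":
    for name, raw in [("inline signed", INLINE_SIGNED), ("PGP/MIME", PGP_MIME_ENCRYPTED), ("spam", PLAIN_SPAM)]:
        print(f"{name}: {'forward' if should_forward(raw) else 'drop'}")
```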
Hi @briantopping and @Hasimir, we're getting out of the Mail forwarding business to pursue more interesting projects. The current system is a distraction and a security vulnerability. I'm going to just freeze the small set of users into place who are currently using the feature. Do you guys want me to remove you or leave you on? Thanks!
I'm happy to lose that part. It would have been nice if it had encouraged any actual encrypted messages, but nope and I guess you saw the same thing. Besides, people should be able to see the primary UID anyway. ;)
If, however, you still want some kind of GPG driven messaging, but which is a little more interesting than spam city, and may even avoid a lot of the metadata traffic analysis currently in play, have a look at Confidant Mail (or CMTP, Confidant Mail Transfer Protocol). Instead of delivering mail via SMTP it uses KHT like BitTorrent and everything is encrypted without end users needing to do anything except remember their passphrase.
My use of it (when I have the time), usually involves getting the OS X binary, locating the prebuilt PGP binaries inside it, deleting them and then making corresponding sym-links out to my real installation (because building it with clang sucks), but the real appeal is as a proof-of-concept and protocol specification which ought to be able to be adapted to, well, basically anything.
Ben, your thoughts here made me realize the missing link here: The Keybase SMTP forwarder should simply not forward emails unless they are encrypted. Do not pass go, do not collect $200.
> The Keybase SMTP forwarder should simply not forward emails unless they are encrypted. Do not pass go, do not collect $200.
This would be super cool! However, unfortunately:
> we're getting out of the Mail forwarding business to pursue more interesting projects.
So don't expect this one.
Famous last words ;)
Well that sucks! I just got two spams via my keybase.io email forwarding account. Was wondering how long that would take.
I rely 1% on a private blacklist and 99% on DNSBL lists and occasional use of spamcop.net (which has its own DNSBL) to filter spam, and it works almost flawlessly. Unfortunately, keybase.io would not want to get listed in either.
That said, maybe it could use them to get started and see if the problem could be nipped in the bud. Here's relevant postfix config from my install:
Maybe this kind of thing should be set up on keybase.io?