• Nougat@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    Just so happens I’ve been working with email for twenty years. I’ve heard of this Google email thing, and while it certainly exists, it’s not an isolated case. Mail server admins are empowered to handle incoming mail in very many limiting ways, whether that be rate limiting, or spam filtering, or message size, or lots of other things.

    While there are general standards for these kinds of limits, they all exist at essentially every receiving mail server - and for good reason. You have to implement limits, or it becomes elementary for your mail server to be attacked and endangered.

    Because Google has a large stake in email, they are a large target for such attacks. It stands to reason that they would need to have strict limits in order to reduce their exposure. But again, all mail servers have various limits applied, and we’re still using SMTP.

    Oh, and I forgot to mention: if Google wanted email senders to adhere to their limits, they would make those limits public. They don’t, because doing so would just tell malicious senders how to work around those limits.

    • Skyler@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      So then it would seem like SMTP is a pretty poor example of an open standard? Acknowledging that a technology will only work in practice if everyone adds their own unpublished rules around it is kind of admitting that the standard and protocol isn’t sufficient.

      • Nougat@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        You’re not wrong there. SMTP dates back to 1981, and at that time, there were zero security features, and it was designed to be used for plain text only. Every other feature of email has been glommed on to that core. HTTP, DNS, FTP, they all suffer from the same kind of thing - developed a very long time ago when security and identity were barely a thought.

        I don’t know the details of how standards for ActivityPub is written, but being that it is much newer, I have to think that more thought has been put to modern needs. Of course, the modern landscape is completely different than it was in the early 1980s, so it’s yet to be seen how this will all develop. That said, these earlier protocols are examples of how a protocol can take hold and not be finally extinguished.