Faxbox Authentication for Outbound Faxes

[Karl Stallknecht]

If I intentionally send a fax email to one of my faxboxes from an unauthorized Gmail account, no bounce message or response is ever sent back to the Gmail account. On Hotmail and Yahoo though it returns a bounce error. Not sure if this has to do with some sort of email authentication checking on Google's part or what.

Also though, the bounce messages that are returned are very vague and don't explicitly state "this user/email is not authorized to send faxes" - is this vagueness intentional or not?

[Darren Schreiber]

FYI, we are aware of this and it will improve over time. The main challenge here is unauthorized emails actually might be spam attempting to generate "back scatter". This is a common spam tactic where a spammer intentionally emails a known server that will "bounce" emails, using a forged From: address. This inherently generates a reply to the spammer's target in the form of a bounce.

[Karl Stallknecht]

I figured this was the case, thanks! 

Why not just change the email to something less technical and more along the lines of a simply one line reply? (e.g. "Sorry, but you are not authorized to use this resource")

[Darren Schreiber]

Ironically, the current mechanism is to reject the email outright. The error you're receiving is from whomever sends your email to us - they don't even get far enough where we generate a bounce-back.

In other words, we deny the SMTP connection.

That, inherently, is the problem. We have no opportunity to customize the message much. We can add about 100 characters of clarifying text which may, or may not, end up in the response that YOUR email provider generates to you. But there's no guarantee you'll see anything.

We're working on ideas for this.

[Karl Stallknecht]

Sorry, I was not clear. I do indeed understand that as that is the nature of bounce messages. What I meant was is there a reason why you don't accept it and then generate your own error? For example if non-clients attempt to email our support ticketing system, our own system generates an email and sends it back to them stating that they are not a registered client and therefore cannot email us. I do realize though that this could become very resource intensive if a lot of non-clients were emailing us, but I assume you don't have nearly enough volume for that to become an issue with faxboxes.

[Darren Schreiber]

Your response indicates you don't understand what back scatter is. What those services are doing is more complex than you're stating as they have (hopefully) accounted for backscatter.

Please read http://en.wikipedia.org/wiki/Backscatter_%28email%29

[Karl Stallknecht]

I understand what backscatter is just fine. What I was referring to was something different and I don't think you interpreted my response correctly, but the bottom line is that you're working on it so it doesn't matter at this point.

[Darren Schreiber]

OK, well as long as we're on the same page in regards to how we're going to progress, that's great!

[Karl Stallknecht]

It's not a huge deal, it just makes initial troubleshooting difficult if there are problems. As long as we force clients to test it immediately when we set it up or if we change email addresses then it'll be fine.