North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Spam filtering bcps [was Re: Open Letter to D-Link abouttheir NTP vandalism]
On Wed, 12 Apr 2006 20:30:16 +0530 "Suresh Ramasubramanian" <[email protected]> wrote:
On 4/12/06, Matthew Black <[email protected]> wrote:I haven't seen any succinct justification for providing a 550 message rejection for positively-identified spam versus silently dropping the message. Lots of how-to instructions but no whys.For viruses - fine. But you are not going to find any spam filter in the world that doesnt have false positives. And in such cases its always a good idea to let the sender know his email didnt get through.
Agreed, but we're willing to live with an error rate of less than one in a million. This isn't a space shuttle. I don't think the USPS can claim 99.9999% delivery accuracy. Nonetheless, to allay worries, we are considering spam quarantines to allow recipients an opportunity to review spam messages themselves, much like Yahoo! Mail. Complaints about e-mail not getting through won't be solved with a 550 versus silently dropping spam because most users aren't willing to sift through e-mail errors to find the specific cause for delivery failure. Members of this list are a rare exception.
Like for example - you see a large webmail provider whose hosts and domains keep getting forged into spam, misread the headers and block that provider. In such cases, its your users who arent getting a lot of valid email from their friends and relatives who are using that provider, and 550'ing instead of trashing email saves the senders, and their provider, quite lot of time that'd otherwise be spent troubleshooting the issue. Plus, 5xx smtp rejects tend to save your bandwidth a bit compared to accepting the entire email (not that it matters on a small university domain where your userbase is going to be fairly small, and bandwidth available quite generous .. but for larger sites, or sites with bandwidth issues, that's definitely a concern)
We already reject most connections with a 550 or TCP REFUSE based on reputation filtering and blacklists, et al. Where is the bandwidth savings once we've accepted an entire message, scanned it, determined it was spam, then provided a 550 rejection versus silently droping? matthew black california state university, long beach