North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

  • From: Suresh Ramasubramanian
  • Date: Wed Apr 12 11:02:02 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta;; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=eC+lCH/B8MB/dnDhD7m7qKbi/6DR0HVEwpel410rurT68oxhHGEevBkRj23h+DLoTpxtcXAWdQUn+9cwCOK8+0DAuDZ1S/CYqn22r6OpP2R0fpBSPlDGf/Gz3BQ6mK+0im9XPo8kJYhE8WTw89WIsm4ThuRTUneDTNoxJ1mbwBw=

On 4/12/06, Matthew Black <[email protected]> wrote:
> I haven't seen any succinct justification for providing a
> 550 message rejection for positively-identified spam versus
> silently dropping the message. Lots of how-to instructions
> but no whys.

For viruses - fine.  But you are not going to find any spam filter in
the world that doesnt have false positives.  And in such cases its
always a good idea to let the sender know his email didnt get through.

Like for example - you see a large webmail provider whose hosts and
domains keep getting forged into spam, misread the headers and block
that provider.  In such cases, its your users who arent getting a lot
of valid email from their friends and relatives who are using that
provider, and 550'ing instead of trashing email saves the senders, and
their provider,  quite  lot of time that'd otherwise be spent
troubleshooting the issue.

Plus, 5xx smtp rejects tend to save your bandwidth a bit compared to
accepting the entire email (not that it matters on a small university
domain where your userbase is going to be fairly small, and bandwidth
available quite generous ..  but for larger sites, or sites with
bandwidth issues, that's definitely a concern)


Suresh Ramasubramanian ([email protected])