North American Network Operators Group


Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

  • From: Matthew Black
  • Date: Wed Apr 12 11:34:23 2006

On Wed, 12 Apr 2006 20:30:16 +0530
 "Suresh Ramasubramanian" <[email protected]> wrote:
> On 4/12/06, Matthew Black <[email protected]> wrote:
>> I haven't seen any succinct justification for providing a
>> 550 message rejection for positively-identified spam versus
>> silently dropping the message. Lots of how-to instructions
>> but no whys.
>
> For viruses - fine.  But you are not going to find any spam filter in
> the world that doesn't have false positives.  And in such cases it's
> always a good idea to let the sender know his email didn't get through.

Agreed, but we're willing to live with an error rate of less
than one in a million. This isn't a space shuttle. I don't think
the USPS can claim 99.9999% delivery accuracy. Nonetheless, to
allay worries, we are considering spam quarantines to allow
recipients an opportunity to review spam messages themselves, much
like Yahoo! Mail.

Complaints about e-mail not getting through won't be solved
with a 550 versus silently dropping spam because most users aren't
willing to sift through e-mail errors to find the specific cause
for delivery failure. Members of this list are a rare exception.

> Like for example - you see a large webmail provider whose hosts and
> domains keep getting forged into spam, misread the headers and block
> that provider.  In such cases, it's your users who aren't getting a lot
> of valid email from their friends and relatives who are using that
> provider, and 550'ing instead of trashing email saves the senders, and
> their provider, quite a lot of time that'd otherwise be spent
> troubleshooting the issue.
>
> Plus, 5xx smtp rejects tend to save your bandwidth a bit compared to
> accepting the entire email (not that it matters on a small university
> domain where your userbase is going to be fairly small, and bandwidth
> available quite generous ..  but for larger sites, or sites with
> bandwidth issues, that's definitely a concern)

We already reject most connections with a 550 or TCP REFUSE
based on reputation filtering and blacklists, et al.

Where is the bandwidth savings once we've accepted an entire message,
scanned it, determined it was spam, then provided a 550 rejection
versus silently dropping?

matthew black
california state university, long beach