North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

  • From: David Schwartz
  • Date: Fri Apr 14 01:02:44 2006

> I haven't seen any succinct justification for providing a
> 550 message rejection for positively-identified spam versus
> silently dropping the message. Lots of how-to instructions
> but no whys.
> matthew black
> california state university, long beach

	Because your father may forward a copy of a Nigeria scam from a new email
address he just got with his new ISP and ask if you if he should send them

	Because a machine you own may be responsible for the spam, and someone may
be forwarding you a copy of it along with the tracking information to
demonstrate that you were responsible for it.

	Because the spam may include a trademark you own and you may need to notify
your legal department about it. The spam may have been helpfully forwarded
to you by someone familiar with your trademarks.

	Because if you say you are going to deliver a message, that's what you
should do.

	Because being spam is not the same as being unimportant.

	All of these things really do happen.

>Agreed, but we're willing to live with an error rate of less
>than one in a million. This isn't a space shuttle. I don't think
>the USPS can claim 99.9999% delivery accuracy. Nonetheless, to
>allay worries, we are considering spam quarantines to allow
>recipients an opportunity to review spam messages themselves, much
>like Yahoo! Mail.

	It is one thing to have an error rate of one in a million, it is quite
another thing to choose to have an error rate of one in a million instead of
one in a billion for no rational reason at all. If the measure is what
fraction of positively-identified spam the recipient would probably rather
receive than not receive, it's probably more like one in 5,000. If the
measure is what fraction of positively-identified spam the recipient would
rather the sender get a reject than silently discard, it's probably more
like one on 20,000.

	The argument on the other side is if the positively-identified spam comes
from a business-critical mailing list that unsubscribes people if they have
too many bounces. This probably isn't an issue for viruses and malware
because these rarely get past the filters these lists already have. It is a
big issue for spam and one of the few for which there is no good solution I
know of. (Other than having the recipient whitelist the list at the MTA,
which is hard to do.)