On Friday 04 September 2009 17:23:15 Stroller wrote:
> You may be in a slightly exceptional position in that the bandwidth
> cost - of syncing to Spamhaus and the additional DNS lookups - may be
> prohibitive. UCLA are not.
>
> Whatever the proportion of legitimate mail this policy rejects, this
> policy DOES reject legitimate mail, and that's pretty lame because
> there are other ways to achieve the goal (reduction of spam) without
> that side-effect.
>
> If you read postfix-users then you'll find many mail administrators in
> a similar position to your own (dealing with millions of messages
> daily) on that list, and that simply blocking home DSL connections is
> not very popular amongst them. It's not considered a cool policy
> because it's inefficient. I am not an expert on this subject - I'm
> pretty sure there are other methods which will identify legitimate
> hosts versus spammers which should be implemented before this one, but
> I do not know the details.

Every other solution out there has this one little problem that people seem to
ignore.

Per RFC, if you accept the connection and the mail, you will deliver it.
That's what it says. It also says this since days long before spam problems,
but still. We all conveniently ignore this if we are talking about what *we*
consider spam, and by "we" I mean "everyone who cares to take an interest
except the actual recipient".

Yes, that's what it reduces down to. The recipient cannot by definition be
part of the anti-spam process as the mail is discarded before he/she can see
it. Yet we accepted the mail implying that we will deliver it...

Best policy is to stipulate in the ISP's terms of service that you will not
accept inbound mail connections from ranges you feel you cannot trust and users
must use their ISP's mail relay instead. Instantly, 85% of the problem goes
away, and I have numbers to prove it. Plus, it's very hard to police
individual users out there, but if they use the ISP's relay instead I have a
single point of contact. They will then police their own users (otherwise I
cut their mail link), just like I police my own outbound users.

And why is a user on a DSL range running a mail server anyway? The vast
overwhelming majority of them are Windows zombies!

And finally, my mail servers are mine and I make decisions about them, not
someone else.

--
alan dot mckinnon at gmail dot com