| 1 |
On Friday 04 September 2009 17:23:15 Stroller wrote: |
| 2 |
> You may be in a slightly exceptional position in that the bandwidth |
| 3 |
> cost - of syncing to Spamhaus and the additional DNS lookups - may be |
| 4 |
> prohibitive. UCLA are not. |
| 5 |
> |
| 6 |
> Whatever the proportion of legitimate mail this policy rejects, this |
| 7 |
> policy DOES reject legitimate mail, and that's pretty lame because |
| 8 |
> there are other ways to achieve the goal (reduction of spam) without |
| 9 |
> that side-effect. |
| 10 |
> |
| 11 |
> If you read postfix-users then you'll find many mail administrators in |
| 12 |
> a similar position to your own (dealing with millions of messages |
| 13 |
> daily) on that list, and that simply blocking home DSL connections is |
| 14 |
> not very popular amongst them. It's not considered a cool policy |
| 15 |
> because it's inefficient. I am not an expert on this subject - I'm |
| 16 |
> pretty sure there are other methods which will identify legitimate |
| 17 |
> hosts versus spammers which should be implemented before this one, but |
| 18 |
> I do not know the details. |
| 19 |
|
| 20 |
Every other solution out there has this one little problem that people seem to |
| 21 |
ignore. |
| 22 |
|
| 23 |
Per RFC, if you accept the connection and the mail, you will deliver it. |
| 24 |
That's what it says. It also says this since days long before spam problems, |
| 25 |
but still. We all conveniently ignore this if we are talking about what *we* |
| 26 |
consider spam, and by "we" I mean "everyone who cares to take an interest |
| 27 |
except the actual recipient". |
| 28 |
|
| 29 |
Yes, that's what it reduces down to. The recipient cannot by definition be |
| 30 |
part of the anti-spam process as the mail is discarded before he/she can see |
| 31 |
it. Yet we accepted the mail implying that we will deliver it... |
| 32 |
|
| 33 |
Best policy is to stipulate in the ISP's terms of service that you will not |
| 34 |
accept inbound mail connections from range you feel you cannot trust and users |
| 35 |
must use their ISPs mail relay instead. Instantly, 85% of the problem goes |
| 36 |
away, and I have numbers to prove it. Plus, it's very hard to police |
| 37 |
individual users out there, but if they use the ISP's relay instead I have a |
| 38 |
single point of contact. They will then police their own users (otherwise I |
| 39 |
cut their mail link), just like I police my own outbound users. |
| 40 |
|
| 41 |
And why is a user on a DSL range running a mail server anyway? The vast |
| 42 |
overwhelming majority of them are Windows zombies! |
| 43 |
|
| 44 |
And finally, my mail servers are mine and I make decisions about them, not |
| 45 |
someone else. |
| 46 |
|
| 47 |
-- |
| 48 |
alan dot mckinnon at gmail dot com |
Archives