my other FREQ of the day

John Rudd jrudd at UCSC.EDU
Sun Feb 16 21:50:42 GMT 2003


> From: Julian Field <mailscanner at ECS.SOTON.AC.UK>
>
> At 11:10 16/02/2003, you wrote:
> >On Sunday, Feb 16, 2003, at 01:58 US/Pacific, Julian Field wrote:
> >>At 23:38 15/02/2003, you wrote:
> >>>3) somewhat related to #1 is that you cannot reject messages based upon
> >>>results.  You can try to bounce them, after the fact, but that isn't
> >>>reliable (because you cannot trust the return addresses).  I'd rather
> >>>reject them outright.
> >>
> >>That's your MTA's job.
> >
> >Yes, it should be the MTA's job, but the decision about what to reject
> >depends upon (or, in an ideal world, would involve) the results of what
> >Mailscanner has found.  Sort of a chicken and the egg thing --
> >mailscanner won't make a decision until after the MTA has accepted the
> >message, but if mailscanner finds something bad, then the MTA might
> >want to reject the message ... except that it already accepted it.
>
> As you cannot trust the return addresses, the only thing you could do
> (other than deliver it, obviously) is to discard the message. And you don't
[snip description of how to discard messages]

Actually, if I were trying to throw away all offending messages, then
that's what I would do -- I would see if I could put a wildcard into
the "silently delete these viruses" feature (and request that ability
if I can't), I would set the spam and high-spam actions to delete, and
I would ask for a similar "actions" item for viruses, and file name
matches (that gives the same "store, deliver, delete, ..." options).

(actually, having those action items would be good, but not necessary
for _me_ because that's not my goal)


No, what I want is the option to refuse to accept high spam (things that
score over 10, in my case).  Not delete it, refuse it.  I'm not _bouncing_
it, as you suggest, but instead I'm forcing it to clog the sender's
mail queue.

If they're a spam relay (open or not), then it will disrupt their operations
over time, and they will be forced to a) find out why I'm refusing those
messages and thus find out that they're a spam relay, b) either stop relaying
spam to me or stop relaying spam altogether.  Hopefully, that leads to
there being one less spam relay in the world.

If they're not a spam relay, but the actual spammers, then hopefully it
degrades the operation of their systems.


If enough people are _refusing_ these messages, then those spam relays and
spam senders will eventually end up with huge backlogs of messages and
systems which are not performing well as long as they're in the spam
business.


I agree that bouncing is useless.  You can't depend upon the claimed sender
address, and even if you could there's no guarantee that they'll do anything
with the bounce other than automatically delete it.  But rejecting isn't
anywhere near the same thing as bouncing.  Rejecting leaves it sitting in
the sending-relay's queue, taking up the sending-relay's resources, until
the sending-relay starts being proactive about handling spam.  If they're
a high-spam-volume site, then they'll quickly have problems ... if they're
low volume, then it might just be a minor annoyance to them.  That seems
to me to be about right.


