From = to

Alan Fiebig mailscanner at ELKNET.NET
Sat Jul 19 23:04:57 IST 2003


I can't hand examine 66,000+ quarantined spams per day.

I also can't afford to blindly delete. Far to many potential instances have already arisen where a customer 'Wanted' the spam, and only knew it was being filtered because the bounce wnet to the sender, who notified the recepient. We deal with about a dozen complaints per day from those that receive the bounce messages and want to resolve the issues. Sometimes we whitelist them, sometimes our customer opts-out of our filters, sometimes the sender adjusts their message. So the bounces ARE working and necessary for me.

Tag only is also worthless for the vast majority of my customers. They would have no idea what to do with the tag, they would simply be getting all the spam like always. Setting client filters to sort or delete based upon a tag is beyond them.

Thanks for the reply though.

>My suggestion would be to not use bounce at all. The way it's done in
>MailScanner (which is really the best that MS can do) is pretty much
>hopelessly broken and abuses other networks.
>
>99.99% of spam has a forged From: address, so bouncing these messages
>increases the severity of joe-jobs. The only useful function it provides is
>in the case of a false positive, the sender is notified. However, if your
>false-positive rate is reasonable, at least 99% of your bounce messages are
>just going to some poor guy that got joe-jobbed.
>
>That's a "more harm than good" situation by a ratio of approximately 100:1.
>
>silent deletion isn't exactly a good idea either, but it's at least it
>isn't dumping your spam problems back onto another network.
>
>I'd say best practice is to tag-only or quarantine for hand review.
>Bouncing with MS is just a bad idea that is only attractive to those who
>like to litter in other people's yards.



More information about the MailScanner mailing list