On Friday 04 September 2009 17:23:15 Stroller wrote:
> You may be in a slightly exceptional position in that the bandwidth
> cost - of syncing to Spamhaus and the additional DNS lookups - may be
> prohibitive. UCLA are not.
>
> Whatever the proportion of legitimate mail this policy rejects, this
> policy DOES reject legitimate mail, and that's pretty lame because
> there are other ways to achieve the goal (reduction of spam) without
> that side-effect.
>
> If you read postfix-users then you'll find many mail administrators in
> a similar position to your own (dealing with millions of messages
> daily) on that list, and that simply blocking home DSL connections is
> not very popular amongst them. It's not considered a cool policy
> because it's inefficient. I am not an expert on this subject - I'm
> pretty sure there are other methods which will identify legitimate
> hosts versus spammers which should be implemented before this one, but
> I do not know the details.

Every other solution out there has this one little problem that people
seem to ignore. Per RFC, if you accept the connection and the mail, you
will deliver it. That's what it says. It also says this since days long
before spam problems, but still.

We all conveniently ignore this if we are talking about what *we*
consider spam, and by "we" I mean "everyone who cares to take an
interest except the actual recipient". Yes, that's what it reduces down
to. The recipient cannot by definition be part of the anti-spam process
as the mail is discarded before he/she can see it. Yet we accepted the
mail implying that we will deliver it...

Best policy is to stipulate in the ISP's terms of service that you will
not accept inbound mail connections from ranges you feel you cannot
trust and users must use their ISP's mail relay instead. Instantly, 85%
of the problem goes away, and I have numbers to prove it.

Plus, it's very hard to police individual users out there, but if they
use the ISP's relay instead I have a single point of contact. They will
then police their own users (otherwise I cut their mail link), just like
I police my own outbound users.

And why is a user on a DSL range running a mail server anyway? The vast
overwhelming majority of them are Windows zombies!

And finally, my mail servers are mine and I make decisions about them,
not someone else.

--
alan dot mckinnon at gmail dot com