> On 23 Apr 2019, at 06:26, Brandon Long via mailop <mailop@mailop.org> wrote:
> > The second is that it is impractical to ascertain whether a message is > > spam or not during delivery time in all cases. A decade ago, the reason > > was because we had to OCR images contained in power point presentation > > spam, now there are services where anti-malware services are opening > > Word files on clean VMs, or anti-phishing/malware where the service has > > to follow each link through a headless web browser with full javascript > > running. > > Why not get the message, give the sender a proper "please come again > later", do OCR or whatever resource intensive scanning and allow or > block the file based on a hash the next time it comes in? > > How long til the message comes through again? RFC 5321 says to wait > at least 30 minutes, do you think your enterprise users want to wait at 30 > minutes > for the message? I’ve recently heard reports from a reliable source that they are seeing links followed / clicked (usually all the links in a message) a few hours before the mail is actually delivered. What appears to be happening is that some corporate filters are rejecting after DATA, but taking a copy of the message and doing some deep content inspection. If the content passes, then it’s accepted on a subsequent delivery attempt. Temp failing is a long established way to handle spamfiltering. I don’t think Google does much of it at SMTP time. But other places have aggressively adopted “temp fail” as one of their spam fighting mechanisms. laura -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
