On Wed March 4 2009 08:48:18 Paweł Leśniak wrote:
But then we come to definition of spam. It's in simple words unwanted
message.
Too simple, and not correct. The true definition of spam is UBE:
unsolicited bulk email. Most spammers put out messages that a tiny
percentage of recipients want to see. It's how they keep making money
at it.
And where do you see the difference between unwanted message and
unsolicited bulk email? Word bulk here does not matter in terms of
single email address - you don't know (often) if this is one message of
many sent or just a single mail, as long as given sender gets
blacklisted or you start getting same mail at many different addresses.
Postmasters who fail to understand what spam is contribute to the
problem, which is this: email has become nearly unusable for many
people, and would be unusable for everyone without sane strategies to
control the spew. I bet 95% of all SMTP traffic is abuse.
At my servers it's about 90-95% percent of connections which get rejected.
Also IMHO I'll get much more "false positives" with zen then with
authentication if for example I'd be interested in getting money and
medicines offers. We get here to definition of "false positives"
which can be very different for different customers. And that leads
For the most part, I don't care what the end user thinks, for reasons
implied above. If they solicited email from a legitimate (i.e., not
listed on SBL and not using zombies) bulk sender, they'll get it. If
they solicited email from a spammer, oops, it's blocked.
We all owe it to the Internet to limit spammers' access to our
clue-deprived users who might otherwise help keep them in business.
true
I try to explain it to them. No, it's not easy. No, I am not managing
any large sites at the moment, but if I was, I'd put up explanations
with links on a http://postmaster.example.com/ Web site.
Most people who claim that Zen gives "false positives" are not using
reject_rbl_client properly. Obviously, you do not reject_rbl_client
before permit_sasl_authenticated. But in your case I don't know what
you're saying. I think the issue of authentication that you bring up
might be irrelevant, except perhaps for the narrow "issue" of sender
equals recipient. I haven't noticed a significant problem with such
spam, which is probably attributable to Zen.
I'm not saying zen gives "false positives" which I (or better users of
my servers) think are not spam. But if one says that mail sent with
spoofed sender is correct then it's not fine with me.
I do not allow mails from client addresses without DNS entries (why
don't they use correctly configured mailserver), etc. One can say that
I'm rejecting many false positives. Maybe. But I'm rejecting those
messages. If sender wants to send legitimate email to me and gets
rejected, he should get reply from his server about rejection. If this
is the case, then "the ball is on his side". In terms of business mails,
one will say that after rejection, the other side will just think we are
not worth cooperation. That's not true, because it's better to get
rejection instantly then wait few days while recipients finds the
message in spam folder for example.
Looking at first email in thread carefully you'd see that Dave has (or
had) problem with spam sent from j...@foo.com to j...@foo.com. And that's
the case where authentication will do the job perfectly - IMHO way
better then zen.
Pawel Lesniak
