Our recipient users are not keeping up with their obligations in this
scheme and instead are blaming us. We are trying to both remove reliance
on the user and put the onus on the sender to fix their issues as most
of the email getting bounced is poorly configured MTAs on the sender side.

(We do as much SMTP time blocking as possible, using HELO checks, SPF
checks, anti-virus filtering, and a few other tricks. Everything else
gets fed to the spam filter and scored. Low scoring stuff goes in the
inbox, high scoring stuff goes in a quarantine folder.)

We are trying to combine these two steps. May as well spam score and
reject at the same time. It seems like the most reasonable solution if
it's technically possible.

Thanks,
Tom

Thomas Harold wrote:

On 12/10/2009 8:09 PM, Marty Anstey wrote:
Rejecting messages inline is a far better solution than generating a
bounce or simply dropping the message. Most, if not all, spam has a
forged sender so generating a bounce is a very bad idea. Rejecting
inline is much better than dropping the message; at least that way the
sender will get an NDR from their MTA.

Agreed. Never bounce, except to internal email addresses or in cases
where you can prove that it won't result in backscatter.

Our solution to the original issue is that we simply quarantine
extra-spammy messages in a special folder in each user's account, then
we delete anything in there over 90 days old. We have to do it that
way because we're doing post-queue spam-scoring, so it's too late to
5xx reject the message.

(We do as much SMTP time blocking as possible, using HELO checks, SPF
checks, anti-virus filtering, and a few other tricks. Everything else
gets fed to the spam filter and scored. Low scoring stuff goes in the
inbox, high scoring stuff goes in a quarantine folder.)
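
The difference between scoring before and after the final SMTP reply, sketched as an added example that is not part of the original thread. The thresholds, the toy keyword scorer, the reply texts and all function names are constructed for illustration.

```python
# Added example: thresholds, weights, replies and names are constructed.
REJECT_AT = 10.0       # assumed score at which the message is refused
QUARANTINE_AT = 5.0    # assumed score at which it is filed as spam
WEIGHTS = {"viagra": 6.0, "lottery": 5.0, "click here": 2.5}

def score(body):
    """Toy stand-in for a real spam filter: sum weights of matched phrases."""
    text = body.lower()
    return sum(w for phrase, w in WEIGHTS.items() if phrase in text)

def early_checks(helo, spf):
    """Checks both designs can run during the SMTP dialogue.
    Returns (stage, reply) on refusal, or None to continue."""
    if "." not in helo:                      # simplistic HELO sanity check
        return ("HELO", "550 5.7.1 HELO name rejected")
    if spf == "fail":
        return ("MAIL FROM", "550 5.7.1 SPF check failed")
    return None

def folder_for(s):
    """Pick the delivery folder for an accepted message."""
    return "Quarantine" if s >= QUARANTINE_AT else "INBOX"

def smtp_time(helo, spf, body):
    """Before-queue: score first, then answer end-of-DATA.
    Returns (stage, reply, folder); folder is None when refused, so the
    sending MTA issues the NDR and this host generates no bounce."""
    refused = early_checks(helo, spf)
    if refused:
        return refused + (None,)
    s = score(body)
    if s >= REJECT_AT:
        return ("DATA", "550 5.7.1 Message scored as spam", None)
    return ("DATA", "250 2.0.0 Ok: queued", folder_for(s))

def post_queue(helo, spf, body):
    """After-queue: 250 is sent before scoring, so the score can only
    choose a folder; a 5xx for content is no longer possible."""
    refused = early_checks(helo, spf)
    if refused:
        return refused + (None,)
    return ("DATA", "250 2.0.0 Ok: queued", folder_for(score(body)))
```

In both functions the early HELO and SPF refusals are identical; only the handling of the scored body differs, which is the step the reply above wants to move into the SMTP session.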