On Tue, 1 Aug 2006, John D. Hardin wrote:
> On Tue, 1 Aug 2006, Ramprasad wrote:
>> How about sending "450 Please Try later" to every mail with an inline image and then somehow verify if it really comes back?
>
> If some spammer MTAs are going to only try delivery once, why expend heavy resources on your end (a full SA scan) to decide whether to TMPFAIL the message just to see if they do? Just install milter-greylist and lose *all* of the lazy-spammer traffic regardless of whether or not it is multi-image-only format.

The two approaches have different costs but also different benefits. Content scan before tempfail has the benefit that it reduces the set of messages for which there is a delay. Pure greylist has the benefit that it saves the work of doing content scans.

Basically, doing a content scan before tempfail gives you some extra benefits but has some extra costs. Whether it's an appropriate solution depends on whether those benefits (reduced chances of a legit message being delayed) are worth the cost in CPU time and network bandwidth. And that depends on your situation.

If you are a small organization with an underutilized server (say, a modern machine that handles only 5000 messages a day), you might be willing to use double or triple the CPU time and double or triple the bandwidth to improve your spam detection accuracy from (say) 97% to 99%. If you are a large ISP with servers that keep up with their load but don't have many resources to spare, it might be important to you to reduce the load on your servers.

- Logan
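
The trade-off discussed in this thread, as an added example that is not part of the original messages: a small simulation that runs the same constructed traffic through pure greylisting and through scan-before-tempfail, counting content scans, delayed legitimate mail, and one-shot spam that never comes back. The `image_only` flag stands in for the content-scan verdict; the addresses, the traffic mix, the 300 s greylist delay and the 600 s retry interval are all assumptions.

```python
from collections import namedtuple

# Constructed sample traffic (not real data). retries=False models a
# fire-and-forget spam sender that never retries after a 450.
Msg = namedtuple("Msg", "ip sender rcpt image_only legit retries")
RCPT = "bob@example.net"
TRAFFIC = (
    [Msg(f"192.0.2.{i}", f"user{i}@example.org", RCPT, False, True, True) for i in range(3)]
    + [Msg("192.0.2.9", "photos@example.org", RCPT, True, True, True)]      # legit, inline image
    + [Msg(f"198.51.100.{i}", f"x{i}@example.com", RCPT, True, False, False) for i in range(2)]
    + [Msg("198.51.100.7", "y@example.com", RCPT, False, False, False)]    # one-shot text spam
    + [Msg("203.0.113.5", "z@example.com", RCPT, True, False, True)]       # spam via a real MTA
)

def simulate(traffic, scan_first, delay=300, retry_after=600):
    """Count the cost and benefit of one policy.

    scan_first=False: pure greylisting; 450 every new triplet and
                      content-scan only what survives the retry.
    scan_first=True:  content-scan every attempt; 450 only image-only mail.
    """
    first_seen = {}  # (client ip, sender, recipient) -> time of first attempt
    stats = {"scans": 0, "legit_delayed": 0, "lazy_spam_lost": 0}
    for m in traffic:
        key = (m.ip, m.sender, m.rcpt)
        for t in ([0, retry_after] if m.retries else [0]):
            if scan_first:
                stats["scans"] += 1              # scan happens before the 450 decision
            suspect = m.image_only if scan_first else True
            waited = key in first_seen and t - first_seen[key] >= delay
            if not suspect or waited:            # 250: message moves on
                if not scan_first:
                    stats["scans"] += 1          # scan only after greylisting passed
                if m.legit and t > 0:
                    stats["legit_delayed"] += 1
                break
            first_seen.setdefault(key, t)        # 450: remember triplet, wait for retry
        else:
            # Every attempt was tempfailed and the sender gave up.
            stats["lazy_spam_lost"] += not m.legit
    return stats

if __name__ == "__main__":
    print("pure greylist:", simulate(TRAFFIC, scan_first=False))
    print("scan first   :", simulate(TRAFFIC, scan_first=True))
```

On this sample, scanning first doubles the number of content scans and lets the one-shot text spam through the tempfail stage, while delaying one legitimate message instead of four.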