From: "Skip Brott" <[EMAIL PROTECTED]>
I have found this whole line of debate somewhat interesting, but it has
clearly strayed from the real core question:
Who is responsible?
Is it the responsibility of the sender to verify that they indeed intended
to send the email?
Or is it the responsibility of the recipient to verify senders?
My personal opinion is that it is the latter. If I send an email to a
valid
address, I find it a bit offensive that they send a challenge back. Why
is
it my responsibility as the sender to teach another system to accept mail
from me?
Would it not seem a lot more appropriate for the recipient to be the one
to
manage this? The premise is the same, but it places the burden on the
recipient to make the determination - which, imho, is where the ultimate
responsibility lies.
I don't utilize blacklists on our system based on the same rationale. I
don't want something completely outside of my control (i.e. spamhaus,
spamcop, etc) determining whether or not my email server should accept
email
from a particular host. While this adds some additional load to our
system,
I would much rather allow the filtering rules to make the determination
based on content not strictly on a host address.
Using block lists without scoring is utterly stupid. Using block lists
without secondary criteria is utterly stupid. As part of SpamAssassin
block lists work remarkably well, especially if you select the block
lists carefully, as is the default SA configuration.
Of course, if you use blocklists, or for that matter rules, it is very
wise to use sa-stats.pl to monitor the SpamAssassin performance to find
which rules are particularly effective and which rules have decayed into
being useless. I've removed rules and block lists on that basis before.
(And no amount of mass checking can adequately tune rules for use with
block lists simply because masses that are checked against are not as
"fresh" as the mail coming through your site. They can approximate. But
over time you can get a sense that there are tuning errors that need to
be tweaked.)
(Of course, if you have customers and you become "too good" they will in
time demand you maintain that level of "too good" even when the spammers
adopt clever new techniques - one such I may have just defeated here with
some meta-rules.)
{^_^}
