LuKreme wrote: > On 21-Oct-2009, at 14:31, Bowie Bailey wrote: >> If you can do the spam and virus scanning during the original smtp >> transaction, you can reject viruses and high-scoring spam with a 5xx >> error at that point, but once your server accepts the mail, your choices >> are to deliver it (to the inbox or a spam folder) or delete it. > > > And if you are accepting mail for other people, think long and hard > before you delete it. You are much better off tagging it and > delivering it to a spam mailbox and letting the user either delete it, > recover it, or ignore it. You could do something like delete all > messages in the Spam folder after 7 days, or 21 days; but once you > accept an email for someone else, you had probably best deliver it to > them, regardless of how sure you are it's unwanted because sure > enough, at some point you'll be wrong and it will, of course, be the > most important email your client ever got and they have to have it > right now or they will lose a $15,000,000 deal and what the hell are > you going to do about it and who cares if it scored 42.9 in SpamAssassin?
True. I only delete spam for customers who have serious spam problems and only then after having a discussion with them regarding the possibility of lost mail. I scan and add the SA headers to everything that passes through my server. It is then up to the customer to configure their MUA to sort out the spam. For customers that get lots of spam we do a combination of delivering low-scoring spam to their POP mailbox, holding higher-scoring spam on the server for two weeks, and (optionally) deleting spam with the highest scores. The score ranges are determined on a case-by-case basis, but are generally something like 5-10, 10-20, and 20+. This is in addition to an MTA block on the Zen blacklist (which I have yet to have any complaints about). -- Bowie
