[lug] Getting mail out of the Qwest/MSN mire

Sean Reifschneider jafo at tummy.com
Sat Jul 8 21:34:21 MDT 2006


On Fri, Jul 07, 2006 at 06:49:56PM -0600, Collins Richey wrote:
>Fortunately most services appear to do content blocking rather than

Sadly, content blocking is not an easy solution to the problem.  First of
all, content blocking is much, much more expensive to do.  Content scanning
takes many orders of magnitude more resources to run against a message than
blacklisting or even greylisting.  Also, content analysis doesn't work that
well, and also leads to plenty of false positives, just like blacklisting.

Several years ago, we were much more kind in our spam blocking.  It was
killing us.  I, personally, was getting over 700 messages a day in my
quarantine folder, and something like 30 to 60 a day in my main mailbox.
I get around 60 messages a day that are things I have to take care of
(in other words, not mailing lists, people sending me messages).  So,
about 30% to 50% of messages in my main mailbox were junk.

And 10x more than that was coming in as potential junk, that I needed to
sift through to see if it was legitimate.  These were things that weren't
obviously spam, in other words, things that scored less than 10 on
SpamAssassin.  There was no way I could keep up with the quarantine folder.

And Evelyn had it even worse, with something around twice those numbers
(well over a thousand a day in her quarantine).  Worse, our e-mail system
couldn't keep up with the content scanning because of the sheer volume we
were getting.

E-mail is my primary communication method, so this is a huge deal.

I eventually got to the point where I felt we had no choice but to start
being extremely aggressive on spam.

It was a very tough decision, especially for me.  I come from the old days
when you *NEVER* got anything but legitimate mail.  You know that part in
the RFCs for e-mail about how an MTA must never drop e-mail?  We took that
very seriously back in the '80s.  Today, if your mail server doesn't drop
worms/viruses, it's part of the problem, not the solution...  Sending a
bounce on a virus is bad form.

So, if you are on a spam haven IP block, and I define DSL/cable/DUL blocks
at ISPs who do not police their clients' outgoing spam to qualify as, you
should expect to be blocked.  Complain to your ISP about them being a
haven, don't expect the rest of us to have to put up with 700 messages a
day to dig through.

Sean
-- 
 This must be where pies go when they die...
                 -- Special Agent Cooper, _Twin_Peaks_
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability



