[89938] in North American Network Operators' Group


Re: Spam filtering bcps [was Re: Open Letter to D-Link about their

daemon@ATHENA.MIT.EDU (Matthew Sullivan)
Wed Apr 12 19:49:23 2006

Date: Thu, 13 Apr 2006 09:48:37 +1000
From: Matthew Sullivan <matthew@sorbs.net>
In-reply-to: <51380.64.52.111.11.1144867202.squirrel@64.52.111.11>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


Steve Thomas wrote:

>Earlier today, I said:
>
>>Unless you're the final recipient of the message, you have no business
>>deleting it. If you've accepted a message, you should either deliver or
>>bounce it, per RFC requirements.
>
>I just want to clarify that I was in no way suggesting that anyone bounce
>spam - I was merely pointing out that if you choose to 250 a message, you
>have to deliver it. The much better option is to 550 it after DATA if you
>don't like what you see. Silently deleting other people's e-mail should
>never even be considered.

This policy I wholeheartedly agree with, and I strive wherever 
possible to enforce this in every place I work. Wherever people get 
listed in SORBS for backscatter, I work with them, telling them how they 
can do this....

With the current technologies available there is no reason a 
small-medium organisation cannot virus and spam scan mail inline at the 
SMTP transaction stage. (Even the Barracudas can SpamAssassin scan at 
around 8 messages per second - my previous employer was receiving 
around 4 messages per second - which translated to 1-2 million emails 
per day.)

It is possible to do inline scanning in larger ISPs (I personally have 
configured a 'system' to handle up to 90 messages per second inline 
scanning) - though it requires a lot more planning, thought, and careful 
consideration.

Regards,

Mat
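
Added example, not part of the original message: a sketch of the end-of-DATA decision the thread describes, where the scan runs while the client is still connected and the reply is 550 (refuse), 451 (scanner down, retry later) or 250 (accepted, must deliver). The scanners, the marker, the trigger phrases and all function names are hypothetical stand-ins for a real virus/spam engine.

```python
import re
from typing import Callable, Iterable, List, Optional, Tuple

# A scanner returns a rejection reason, or None when the message is clean.
Scanner = Callable[[bytes], Optional[str]]

VIRUS_MARKER = b"X-CONSTRUCTED-VIRUS-MARKER"  # constructed, not a real signature

def virus_scan(msg: bytes) -> Optional[str]:
    return "virus detected" if VIRUS_MARKER in msg else None

def spam_scan(msg: bytes) -> Optional[str]:
    # Toy score: number of constructed trigger phrases found in the message.
    hits = len(re.findall(rb"(?i)act now|free money|no prescription", msg))
    return f"spam score {hits}" if hits >= 2 else None

def broken_scan(msg: bytes) -> Optional[str]:
    raise TimeoutError("scanner timed out")  # simulates an engine outage

def reply_after_data(msg: bytes, scanners: Iterable[Scanner],
                     queue: List[bytes]) -> Tuple[int, str]:
    """Choose the reply to end-of-DATA while the client is still connected."""
    for scan in scanners:
        try:
            reason = scan(msg)
        except Exception:
            # Do not accept unscanned mail and do not drop it: a 4xx makes
            # the sending MTA keep the message and retry later.
            return 451, "4.3.0 content scanner unavailable, try again later"
        if reason:
            # Refused in-session: nothing was accepted, so this host never
            # generates a bounce toward a possibly forged sender address.
            return 550, f"5.7.1 message rejected: {reason}"
    queue.append(msg)  # 250 is a promise: from here the message must be delivered
    return 250, "2.0.0 queued for delivery"

# Constructed sample messages.
CLEAN = b"Subject: peering update\r\n\r\nMaintenance window is Thursday.\r\n"
SPAM = b"Subject: FREE MONEY\r\n\r\nAct now, no prescription needed.\r\n"

if __name__ == "__main__":
    q: List[bytes] = []
    for name, msg, scanners in [("clean", CLEAN, [virus_scan, spam_scan]),
                                ("spam", SPAM, [virus_scan, spam_scan]),
                                ("outage", CLEAN, [broken_scan])]:
        print(name, *reply_after_data(msg, scanners, q))
    print("queued:", len(q))
```

Only the 250 path touches the queue, so a message is either refused to the connected sender or held for delivery, never silently dropped.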
