Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]
Matthew Sullivan
matthew at sorbs.net
Wed Apr 12 23:48:37 UTC 2006
Steve Thomas wrote:
>Earlier today, I said:
>
>
>>Unless you're the final recipient of the message, you have no business
>>deleting it. If you've accept a message, you should either deliver or
>>bounce it, per RFC requirements.
>>
>>
>
>I just want to clarify that I was in no way suggesting that anyone bounce
>spam - I was merely pointing out that if you choose to 250 a message, you
>have to deliver it. The much better option is to 550 it after DATA if you
>don't like what you see. Silently deleting other people's e-mail should
>never even be considered.
>
>
This policy I whole heartedly agree with, and I strive where ever
possible to enforce this in every place I work, where ever people get
listed in SORBS for backscatter, I work with them telling them how they
can do this....
With the current technologies available there is no reason a
small-medium organisation cannot virus and spam scan mail inline at the
SMTP transaction stage. (Even the barracuda's can spamassassin scan at
around 8 messages per second - my previous employment were receiving
around 4 messages per second - which translated to 1-2 million emails
per day)
It is possible to do inline scanning in larger ISPs (I personally have
configured a 'system' to handle upto 90 message per second inline
scanning) - though it requires a lot more planning, thought, and careful
consideration.
Regards,
Mat
More information about the NANOG
mailing list