On Tue, 20 May 2003, Michael Rubel wrote:
There are strong reasons to prefer accept-then-bounce or even filter to
reject.
(1) Reject gives feedback about your system to would-be bad
guys--including dictionary spammers--in a much faster and more
reliable way. Sysadmins rightly want to give out as little
information as possible, because that's standard practice anywhere
security is involved.
(2) Reject is a less flexible mechanism. Accept-then-bounce or filter
allows recipients to work around certain obselete or overzealous
systems.
(3) Senders have come to understand that messages get incorrectly
filtered as spam sometimes; they no longer expect to recieve an
immediate rejection if there is a problem delivering a message.
Does everyone doing wrong have to work so hard to entice others into sin
as some members of this list are wont to do?
Accept and discard is a very bad system. I understand that some software
will do content filtering no other way, but that doesn't make it worthy
of advocacy.
If you use it, primarily your customers/users will be the losers, but why
encourage others to do the same? It raises the possibility of false
positives disappearing into black holes into a certainty, removes any
chance of directing the customers of spam friendly ISPs to instructive web
sites explaining why their mail was rejected, and generally relieves
spam-friendly ISPs of ever having to explain to customers why their mail
is being lost.
Is it possible to seriously claim it is a "security precaution" - there is
no shame on this list?
If widely adopted, it would discourage rather than encourage spam
prevention technology, as all missing mail would be blamed on spam
control.
With respect to (3), legitimate users may not expect immediate rejection,
but they expect some notice, and a DSN notice for spam is not very
practical, since there is no verifiable address to send it to. Do you send
a DSN for undeliverable spam? For deliverable spam?
Now that half of email is spam, is it really believable that accepting all
mail and processing spam rejections later will increase capacity?
Lastly, the last time I looked at the Maps site, they had instructions for
virtually every MTA written in the last decade, and many earlier ones. So
at the very least, RBLs can be used (and will reject at SMTP dialog) by
nearly any site. It is only content based filters that may not be easily
used before the connection is completed.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg