I am quite solidly in the second group (am I alone).
A third group includes:
3/ Those who believe that mail should be delivered or rejected at the SMTP
stage, but not discarded or returned to the envelope from.
Initial filtering CAN and should be done at the SMTP level such as
DomainKeys SPF etc. the assumption is forged return addresses = spam. thats
an acceptable assumption (domain validation must also account for
forwarding).
I also believe that virus filtering be added at the SMTP stage. I received
over 200 viruses today alone.
Other filtering can be at the SMTP stage to keep blatant spam off the
network.
but not discarded or
So who holds the mail if its not discarded and for what purpose?
or returned to the envelope from.
Failing to return the mail helps stop spammers from probing the system, it
also prevents legitimate senders from knowing their mail failed to go
through. Spammers will always be able to probe the system by simply setting
up some test accounts so nothing is gained at all.
A demand that spam detection never make a type II error is hardly
different from a demand that spam be tolerated. The 3rd group ensures that
mail will not be lost, even if some is not delivered. It does rule out (1)
spam detection at the MUA level, (2) spam detection as a low priority
background process on the MTA and (3) the sending of discard notices to
forged envelope from addresses.
What you are describing is group 1.
(1) To rule out spam detection at the MUA is to say "we know better than
you" to the recipient. so is firmly group 1.
(2) Spam detection has to become priority at all steps MUA and MTA,
currently its mostly at the MUA level some of that burden should be lifted.
(3) With Domain Keys or SPF (etc.) forged return addresses are not an issue.
If my machine has been zombified and is sending out spam I would WANT TO
KNOW so I can fix it. Even if domain validation is only good to the ISP
level if I start receiving spam alerts I can ask my ISP whats going on and
they can use their logs to trace the real culprit. either way the source is
quickly identified.
Both the group 1 and group 2 camps are broad in their implementation. its
the overriding emphasis that concerns me.
I personally see group 1 as a holier than thou approach. (no offense
intended) but it assumes that the filter writer knows better than the end
user as to whats good for them.
Chris
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg