[Asrg] Re: Asrg Digest, DNSBL BCP v.2.0

Bill Cole asrg3 at billmail.scconsult.com
Sat Mar 3 18:42:22 EST 2007 

At 2:57 PM -0600 3/3/07, Al Iverson wrote:
>On 3/3/07, Bill Cole <asrg3 at billmail.scconsult.com> wrote:
>>At 1:07 PM -0600 3/3/07, Al Iverson wrote:
>>
>>>With a blacklisting, I get a bounce back and can find somebody to
>>>argue with. With the common method of implementing a content filter,
>>>my mail is quietly eaten and I get no information back regarding the
>>>failure to deliver the mail to end recipient. This is worse than IP
>>>blacklisting; less transparent; less obvious; less opportunity for
>>>feedback and investigative recourse.
>>
>>That's not an uncommon way of deploying content filters, but it is a
>>diminishing model.
>
>Do you have any data to support that it's a diminishing model, or on
>what % of spam is content rejected with a bounce?

All I have is anecdotal evidence, i.e. I know of sites that have 
switched from discard/quarantine/asynch bounce approaches to 
synchronous filtering at DATA time and rejecting then, and I know of 
none that have switched in the other direction. In addition, I can 
see the fact that user pressure has gotten before-queue approaches 
(now including Milter) into Postfix despite the publicly expressed 
misgivings of Wietse Venema about failure modes. I also can see that 
if one goes looking for cookbooks on how to put together a mail 
system that deals with spam, the answers today mostly are synchronous 
DATA-time filters, not after-queue approaches.

>I agree that some work this way (and I like the change), but I look at
>many thousands of bounces a day, and it's still exceedingly rare.

There are always sampling issues. I don't think my sample is 
inherently any more valid than yours, but

Imagine a world where you have 2 classes of mail receiving site: some 
have filters set up and administered cluelessly and others have 
filters set up and administered by someone clueful enough to 
understand the two simple ideas that one should never trust the 
purported sender on mail that is deemed malicious and that one should 
avoid blackholing mail. Would you expect to see those classes 
bouncing the mail that you are responsible for at the same rates?


>There area a lot of Barracuda-like things in the world, who accept the
>mail before doing anything else, and their only chance to send a
>bounce (in how they're implemented currently), is after the fact,
>which has its own obvious set of problems.


And there are a lot of Mirapoint boxes, and Sendmail and Postfix 
installations pumping mail through SA at DATA time.

People doing stupid things (like being a Barracuda customer) are 
going to be more obvious problematic and more difficult to deal with.
-- 
Bill Cole                                  
bill at scconsult.com

More information about the Asrg mailing list