Re[2]: Log, but don't tell

[Robert Menschel <Ro...@Menschel.net>]

Hello Jon,

Saturday, August 7, 2004, 9:08:30 AM, you wrote:

JF> Okay.  I can appreciate this argument (having worked in large companies
JF> myself).  But I don't know that this method would be as well applied in my
JF> environment.  In a big company (or in any company), you're far safer
JF> inconveniencing your users (i.e., tagging and releasing) because of the
JF> danger of bouncing back false positives.

Agreed.

JF> This is a home environment.  My users never want to be bothered with spam.
JF> They don't want to have to set up filters on their clients.  They never want
JF> to see it.  Here, I've found that it's far easier to address the occasional
JF> false positive with the sender.

I manage emails/spam for three domains, 1) contractorswarehouse.com
corporate domain, 2) xeper.org NPO domain, 3) menschel.net family domain.
I do not bounce ANY spam.  I also do not tag/release spam for any of
these three. ALL spam for these domains is dropped into a spam bucket for
that domain, which I review weekly. All FPs are cleaned up and manually
forwarded (maybe 6-7 a year). All emails captured (all spam, all ham not
directed to secured email accounts) are fed to sa-learn.

JF> As far as saving the environment, I'm well familiar with the fact that a
JF> HUGE percentage of spam has a spoofed e-mail address in its envelope and
JF> header, thus making bouncebacks pointless.  However, for the sake of the
JF> sender, a bounceback seems the most logical way to let a false positive know
JF> that their message has not been received.  This is why I would bounce back
JF> rather than, say, just drop the message.

If you review rather than delete, then there should not be any loss of
emails, especially in a family environment. Bouncebacks are one of the
largest sources of spam (automated undesired emails).

JF> I'm open to arguments either way. I certainly want to focus on what's most
JF> productive for the anti-spam community.  But I'm really more interested in
JF> an answer to my original question.  Does anyone know how I might do this?

No.  If your family system wrongly bounces spam to my family system, your
family system will be added to my blacklist. That is my defense against
systems that send me bounces for spam we didn't send. You may or may not
consider that to be counterproductive, but that is the action I take, and
I take it for all three domains.

Bob Menschel