Spam Blocking (was: "Re: Re: Comcast blocking mail to its customers")

[David Farber <dave () farber net>]

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: October 16, 2008 10:55:40 AM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: Spam Blocking (was: "Re: [IP] Re: Comcast blocking mail to  
its customers")


Dave and all,

This is a complicated area, given that Internet mail cannot be
classified as "reliable" in any kind of formal sense.

My policy has always been to return spam/virus/etc. rejects at SMTP
time.  When occasional false positive rejects block someone's mail,
I want them to know immediately.

I understand the scalability issues, but as e-mail is increasingly
used for important applications (admittedly, often in situations
where it really should not be used!) a single lost e-mail can have
serious ramifications.

My view is that it's important whenever possible that the sender
know about the reject immediately (or at least very shortly
afterwards -- and that this does not require action by the
addressee) so that the sender can use alternative means to get
through.  Dropping e-mail into the trash or into folders where they
may not be reviewed for days (if ever) presents a number of risks
for anyone who uses e-mail for important purposes.  Nor does this
tell spambots that the address was rejected, so they'll likely keep
using it (they may anyway, but I've found rejecting at SMTP time
does help fight some spam).

Also, it is *not* good enough just to reject at SMTP time without
explaining to the sender how they should proceed if they've been
falsely rejected, especially in this age of so many people blocking
their domain WHOIS data so you can't easily figure out an alternative
way to reach them on your own.  There are few things more obnoxious
than seeing a reject like (actual reply text):

550 Bugger Off Jerk

Now that's really helpful.

All mail rejects from my domains point to a URL that explains
exactly how to proceed ( http://www.vortex.com/mailblock ) and
provides a form to bypass the filters -- and information about
exactly what's going on.

There is one downside I've found to real-time SMTP spam rejects.
Occasionally someone will be falsely rejected, use the bypass form
to reach me, and be indignant that they were blocked.  I simply point
out that on most sites a false positive like that would have resulted
in their getting no feedback at all!  That usually neutralizes their
hurt feelings immediately.  Interesting bit of human nature, though.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com






-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com