LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Spam folders considered harmful

Spam folders considered harmful

Posted Jan 7, 2010 10:56 UTC (Thu) by dwmw2 (subscriber, #2063)
Parent article: The SAY2K10 bug

"Your editor, receiving 5,000 spams every day, has long since stopped scanning the spam folder for false positives; even if they exist (which they almost never do), they represent a needle which is almost impossible to find in a haystack that large. So email classified as spam is, for all practical purposes, simply lost."
This is why having a spam folder is often a bad idea. It's much better just to reject the offending mail so that when false positives happen, the sender gets a bounce and knows that the mail wasn't received.

(Log in to post comments)

Spam folders considered harmful

Posted Jan 7, 2010 11:32 UTC (Thu) by fluke571 (guest, #57515) [Link]

You cannot just reject mail, once body was sent. You can only send bounce afterwards, but since 99,9% of From: fields are fake/random, you effectively become a spammer if you're doing this.

Spam folders considered harmful

Posted Jan 7, 2010 11:43 UTC (Thu) by dwmw2 (subscriber, #2063) [Link]

You are mistaken. You can quite happily give a 5xx rejection message after DATA — or a 4xx temporary rejection, if you've decided that the mail is suspicious enough to warrant greylisting, but not bad enough that you want to reject it outright.

Spam folders considered harmful

Posted Jan 7, 2010 11:48 UTC (Thu) by jschrod (subscriber, #1646) [Link]

> You cannot just reject mail, once body was sent.

Huh, why not? Failure codes 552, 554, 451, and 452 are valid after <CR>.<CR>, according to RFC 821, section 4.3.

Spam folders considered harmful

Posted Jan 7, 2010 12:46 UTC (Thu) by anselm (subscriber, #2796) [Link]

By way of clarification, I think the upstream comment meant »once the mail has entered the local queue«. It is possible to reject a message while it is being submitted, but once the local MTA has accepted responsibility for it it can only be bounced, which as has been noted will in most cases inconvenience those people whose addresses the spam claims it is being sent from.

To reject spam rather than bounce it, one needs to run anti-spam software while the message is still in the process of being read, where the more common setup is to run the anti-spam software after the message has been accepted locally but before it is delivered to the addressee's mailbox. Depending on the checks the anti-spam software performs (especially ones that access the network), pre-queue checking may be a resource-intensive process, so it requires careful configuration.

Spam folders considered harmful

Posted Jan 7, 2010 13:07 UTC (Thu) by jschrod (subscriber, #1646) [Link]

Well, http://www.dontbouncespam.org/ says it best.

Spam folders considered harmful

Posted Jan 7, 2010 13:19 UTC (Thu) by dwmw2 (subscriber, #2063) [Link]

Well, with the exception that it seems to be suggesting that people use backscatterer.org. It does admit that that list includes servers which only do sender verification callouts and don't actually send bounces, but then in the very next sentence says "That list can be used to reject just unwanted NDNs.", which is obviously false.

Backscatterer.org is definitely best avoided, because it deliberately includes these false positives.

Besides, there are much better ways (PRVS/BATV/etc.) to avoid unwanted bounces.

My setup for that is documented here, although it can be done more simply now that Exim has built-in PRVS support. In short, the way it works is that I never send MAIL FROM:<dwmw2@infradead.org> and thus I never accept bounces to that address. And anyone who does sender verification callouts doesn't accept mail that's faked from my address either.

But we digress...

Spam folders considered harmful

Posted Jan 7, 2010 14:23 UTC (Thu) by jschrod (subscriber, #1646) [Link]

I didn't want to imply that backscatter handling is described there best, but that the reasons why (a) one shall reject spam, not bounce it, and (b) that spam rejection after DATA is explicitely allowed by RFC 5321, contrary to the statement by fluke571.

Spam folders considered harmful

Posted Jan 7, 2010 14:54 UTC (Thu) by ballombe (subscriber, #9523) [Link]

In the case at hand, it is possible to grep the spam folder for messages with score <= 8.5 or even to rescan them with a fixed spamassassin.

Even if you decide to reject spam, keeping a copy in a spam folder allow to assess the behavior of the spam filtering system, and recover from failure.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds