Which is exactly what framed the tenor of my question when I originally asked it. Very Large Providers operate at a scale and under commercial pressures that most of us (including me) cannot even imagine.
-- Anthony Rodgers Security Analyst Michigan Security Operations Center (MiSOC) DTMB, Michigan Cyber Security -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise Sent: Tuesday, March 29, 2016 21:21 To: Rich Kulawiec <r...@gsp.org>; mailop@mailop.org Subject: Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears. OF COURSE! THAT'S THE SOLU... Oh wait, that means we have to get 10x the number of servers ... and data centers. Management won't like that. So many people think that the things that work just spiffily when everything you do fits on a single mail server, will scale across a cluster that has tens if not hundreds of thousands of machines. In dozens of data centers. Geographically dispersed around the planet. They don't. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Rich Kulawiec Sent: Tuesday, March 29, 2016 6:06 PM To: mailop@mailop.org Subject: Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears. On Wed, Mar 23, 2016 at 10:16:11AM -0700, Michael Peddemors wrote: > For instance, if it believes > the message is spam, and the recipient has requested that 'all' > email be forwarded to a remote account, forwarding that email could > make it appear that the forwarder is the source of spam. Solution: reject it (as spam) during the SMTP connection. Don't (knowingly) forward spam to anyone, anywhere, anytime. (If someone is doing research and wants you to deliver it locally: fine.) > Should you deliver malicious or harmful vectors to a person's email > box? (Eg, a Virus laden attachment?) Solution: scan it and reject it during the SMTP connection. There's no point in delivering such traffic to anybody, even to those who are smart enough not to use highly vulnerable mail clients and operating systems. (Same comment as above in re research.) > What if you are in jurisdiction where delivering emails of a specific > content is illegal? Solution: scan it and reject it during the SMTP connection. If it's illegal to deliver, it's probably illegal to possess: so arrange matters so that you don't. > What if the recipient has indicated that he wants it dropped, rather > than be delivered? Solution: do not offer this option. Yes, there are *still* edge cases where mail gets dropped: the one that occurs to me is spam addressed to a mailing list which makes it by all perimeter defenses and arrives in the list's queue. (Where it may be held for moderation; any well-run list does so with messages that don't originate from subscribed addresses.) Obviously it can't be rejected any more, because the SMTP connection is closed. And it sure shouldn't be distributed to everyone on the list. So the only viable option here is to drop it. But the cases above are better handled either by policies that avoid them or by the scanning that's done while the original SMTP connection is open. ---rsk _______________________________________________ mailop mailing list mailop@mailop.org https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c5ea9534123d1437e25d608d35838cebb%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=5ERMlSm8JTfM8HAOEpHuW7QRRF%2fD7RIfnkeeW%2bEIdV4%3d _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
