HI.
John Rudd <[EMAIL PROTECTED]> wrote on 01/17/2007 07:11:51 PM:
Dropping without notifying _anyone_ is "an even worse practice". You
don't have to notify the sender, as long as you notify the recipient
(and visa versa).
Which is just another piece of annoying email in the inbox. Why bother
removing the spam if your just going to deliver a message held email in
its place?
Here is my approach (I guess other implementations are similar):
Known Virus = discard silently.
Bad filename (or unknown virus) = replace the attachment with a warning.
The recipient gets the message without the attachment.
High score spam (score >10) = Reject message.
Probable spam (5 < score < 10) = Quarantine the message in a spamdrop.
However a daily report is sent to the end user, listing all the
quarantined messages with information such as sender+subject.
Other mail = let it through.
So, if a user is receiving 100 spam messages, 90% of them are normally
blocked as high score spam,
and 10 "probable spam" go to the spamdrop.
The user will get a day after only 1 email message with a short list of
the 10 probable spam message,
so he can look for false positive.
That is 1 message per day for about 100 spam (10 probable spam) messages.
Most spam is filtered, but in case of false positive either the sender
or recipient has a chance to know about it.
I think that this is a good trade-off for the end users and the sysadmin.
Yizhar Hurwitz
http://yizhar.mvps.org
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
