On 12/10/2009 8:09 PM, Marty Anstey wrote:
Rejecting messages inline is a far better solution than generating a bounce or simply dropping the message. Most, if not all spam has a forged sender so generating a bounce is a very bad idea. Rejecting inline is much better than dropping message; at least that way the sender will get an NDR from their MTA.
Agreed. Never bounce, except to internal email addresses or in cases where you can prove that it won't result in backscatter.
Our solution to the original issue is that we simply quarantine extra-spammy messages in a special folder in each user's account, then we delete anything in there over 90 days old. We have to do it that way because we're doing post-queue spam-scoring, so it's too late to 5xx reject the message.
(We do as much SMTP time blocking as possible, using HELO checks, SPF checks, anti-virus filtering, and a few other tricks. Everything else gets fed to the spam filter and scored. Low scoring stuff goes in the inbox, high scoring stuff goes in a quarantine folder.)
