> I would never do this. My rule is very simple, anything we accept gets > delivered to the user. Anything we reject gets rejected during the SMTP > transaction. If it is LEGITIMATE mail, the sender will see the rejection. This simple rule ensures a timely notification of the sender if something is wrong and I implement it like this, too.
@Brent: If your users never (or very seldom) look into the spam folder or periodically clear it without manually sorting it, all legitimate mail in the spam folder will get lost without sender and recipient ever noticing. If no spam folder is used but rejects, the sender will get notified and can try to reach the recipient via some other communication channel. At least in germany this has legal implications, too. See for example this presenation (in german, sorry folks): https://www.heinlein-support.de/vortrag/spam-quarantaene-und-tagging-der-grosse-irrtum Am Montag, 20. Mai 2019, 12:53:34 CEST schrieb @lbutlr: > On 20 May 2019, at 01:42, Brent Clark <brentgclarkl...@gmail.com> wrote: > > My colleague has proposed that at smtp time, if a mail is deemed as spam, > > the server issues a reject code, but then to too accept the mail and > > forward the mail the user for incase its a false positive. > The odds of a mail scoring over 10.0 on SpamAssassin being legit are so low > as to be meaningless, so that's a silly reason to implement a completely > non-standard email chain that is likely to only anger your users with even > more spam to sort through. > > His logic is that, that the spammer does not build up a database. > > The days of that are long past. Spammers simply buy lists of billions of > emails. They do not care about delivery at all. > > Currently what we do is, if the score is between 5 and 15, just accept and > > move the spam to the users SPAM box. Above 15 we out right block. > I'd say 15 is far too high and including that much spam probably trains your > users to never even bother looking at the spam folder, but that's fine. > > I am on the fence on this one, hence the reason to pick the communities > > brain. > I would never do this. My rule is very simple, anything we accept gets > delivered to the user. Anything we reject gets rejected during the SMTP > transaction. If it is LEGITIMATE mail, the sender will see the rejection.
