On Thu, 3 Jun 2004, Matt Sergeant wrote:
> Well, anti-spam is my day-job, and I wouldn't recomend those if I didn't
> think they were worth it.
Hmm. Until recently, I worked for Western Canada's largest ISP on
their Tier III Messaging Team. My unofficial title was "Spam-Master", not
only because I did the front line anti- stuff, but also because I did (and
I'm not proud of it) their spamming to their own customers. I also used to
run a public RBL, but gave it up due to high maintenance and all the
negative reasons cited (and then some).
Not that the ISP is doing things any better now (I think they just
started with Brightmail, and I don't like their product, either), but the
policy was that we would block when we were heavily hit, but no longer
than that, because it was also policy that all legit email was delivered.
That has now changed, and there is always a possibility, there, of false
positives.
My personal philosophy is that spam control should not be
dependent on anyone else. That means no dnsbl lists at all. It also means
that whatever I do, I have to guarantee that legit email can get through.
On top of that, it also means that I don't approve of SPF, DCC,
greylisting, Domain Keys, and everything else that penalizes legitimate
users.
I think it's important to reject as much crap as possible, though,
so whenever a connection is rejected, it is likely that contact
information is provided. Of course, that doesn't help people using Hotmail
and stupid MTAs that don't pass through the rejection message, but the end
users can still act as a failsafe for those times.
Oh, we're actually batting 100% effectiveness. Unfortunately, some
of the key stuff is proprietary :-/ so I can't share it, but some useful
stuff has made it back to some of the plugin authors.
--
Roger Walker
"HIS Pain - OUR Gain"
