> ---------- Forwarded message ----------
> From: "Bret Miller" <bret.mil...@wcg.org>
> To: "John Rudd" <jr...@ucsc.edu>
> Date: Tue, 21 Aug 2007 13:08:06 -0700
> Subject: RE: BOTNET Exceptions for Today

>> Bret Miller wrote:
> Maybe these aren't false positives because botnet is identifying them for
> what they are-- badly configured. But to give a rule like botnet a default
> score that's high enough to consider the messages spam all on its own causes
> users to think we have a bad spam filtering program.
>
> When I see on the list that many people run botnet with ZERO false
> positives, I have to ask myself, "how? And why is our setup here so
> different?" Perhaps they already block email with invalid rdns at the MTA
> level, so none of this ever gets looked at. Perhaps their users just give up
> when they don't get email that they expect and use a free email account
> instead for that email. I don't know, but botnet hits a significant amount
> of legitimate email here, regardless of how badly configured the sending
> servers are.
>
> I just don't have the option of telling our president's assistant that "we
> can't accept email from your husband because the IT department at the City
> of Pasadena won't fix their DNS issues for their email server." That's just
> not acceptable in a corporate environment, even if she had a clue what the
> statement meant besides that I was refusing to do what she wants. The
> majority of these badly configured servers won't ever get fixed unless
> someone that matters to them stands up and tells them they need to fix it. I
> do that when I can, but most of the time I just don't matter enough to get
> it done.

That's why you can exempt some senders. You don't have to force the City of Pasadena to fix their mail servers. You can simply find out what their mail servers are, through various means, and give them some form of exemption/whitelisting. I did that for our chancellor's wife, for example :-)

I've also done it for a few of our vendors where it couldn't be fixed (the funniest example being where the marketing guy had been complaining to IT about it long before I even wrote Botnet, and the IT guys just refused to fix it... funny because the marketing guy was more clueful about best practices than the person whose job it was to actually pay attention to those best practices).

That's at work. We get vanishingly few FPs at work (millions of messages per week, less than 100 tickets about it in 3-4 years (I think less than 30 tickets about it)).

At home, I'm just a bastard about it. None of my friends are on services that are that poorly configured (so no need to whitelist anyone that I _would_ give a whitelist entry to). I'm not interested in anyone else's half-baked excuses about why they haven't fixed it before, nor why they won't fix it in the future, so that group wouldn't get a whitelist entry even if they asked for it.