On 11/02/2010 08:27, LuKreme wrote:

At SMTP time I return a 5xx code during the "DATA" phase for messages classified as Spam. 
However, I also deliver the message into a read only "Junk E-Mail" folder for the user,

This is just wrong. Either accept the message, or reject the message. Rejecting 
the message while secretly accepting it is just completely wrong.

"This is just wrong" is not a very good argument for your case. Hopefully you'll do better below.

Let's say your filter catches a legitimate message to u...@yourdomain.tld from 
b...@mydomain.tld.  Bob gets an error saying the message was spammy and didn't 
go through, so he goes to his gmail account and sends it again, hoping for 
better results. This time it goes through.

Bob could also have just clicked the link in the NDR.

Now your user has two emails, one tagged spam and one not. One is in 
quarantine, and one isn't.

How have you helped your user?

You've described one scenario out of many. One where my system wouldn't provide any additional benefit, but at the same time it doesn't make either the sender or the recipient worse off. You didn't even describe a scenario which is particularly common. Here's another scenario. One which is definitely more common:

A user goes to some website and signs up. They're sent an automated confirmation email. The mail server classifies the incoming email as spam and rejects it. In my system, the user is expecting a confirmation email and doesn't receive it so checks their Junk E-Mail folder and finds it there. In a "normal" system which just 5xx's, the user has to wait longer just to make sure that the email wasn't delayed and then has to jump through loops to find an alternative means of confirming the signup.

A couple of days ago I bought a lottery ticket online for the EuroMillions lottery this Friday. The order email got a score of 5.5. Mainly because the "HK_LOTTO" rule fired which applied a score of 3.6. I noticed that I never received a confirmation email, so I looked in my Junk E-Mail folder and there it was. Highly useful.

As for your modified 'prove-you-love-me' scheme of quarantines and releases and 
web urls, that would look very spammish to me, and I wouldn't follow that link, 
even if I did see it which I probably wouldn't because my SA would almost 
certainly classify that sort of NDN as spam...

Your SpamAssassin installation would, "almost certainly," classify an NDR, which your *own system* generated, as spam? I rarely use "LOL", but in this case I think it's appropriate... LOL.

I've never clicked on a prove-you-love-me link, and I'm not about to start now. 
And when asked by my customers I recommend they don't click them either. As I 
point out, this falls under the class of 'unknown URL from unknown source' and 
that's always a risk.

Providing the URL *might* provide benefit for *some* people. Again, the existence of the URL doesn't make either the sender or the recipient worse off in any way.

You've failed to convince me.

--
Mike Cardwell    : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/       #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser       : Spam Tool  - http://spamalyser.com/
