| Characteristics of a true positive | Spam is rejected before delivery. | Spam is re-routed after delivery |
| | No bandwidth is wasted | Bandwidth is wasted |
| | No storage is wasted | Storage is wasted |
| | A majority of spammers, now using single stage trojaned proxies, will see a 554 response (explicit rejection) | Spammer sees a 250 "message accepted" response |
| Results of a true positive | Victim wholly unaware of any intrusion | Victim may still see the spam if he chooses to look in his spam folder (partially defeats the objective of no spam) |
| Characteristics of a false positive | email is rejected before delivery | email is accepted but not delivered or placed in a spam folder |
| | * sender sees an explicit bounce message and is immediately aware there is an issue | * sender believes message was sent |
| | sender is offended ("I didn't spam you") | sender is blissfully ignorant |
| | recipient is made aware that a message is pending | recipient does not spot the real email lost in the thousands of spam messages in the spam folder |
| Typical results of a false positive | Messages are delivered by an alternate route | Messages are delayed or missed entirely |
| | Communication remains open | Communication breaks down |
| | Business (almost) as usual | Opportunities are missed |
| | Open relays are closed | Open relays stay open |
| | Users of rogue ISPs are made aware of the issue and consider moving | users of rogue ISPs have no clue that their money is supporting spammers |
| Administrative implications | Initial choice of block lists is important. | Initial choice of block lists (for tagging) is important. |
| | No archive of trapped spam to review for false positives | Large archive of trapped spam to review. Possibly a full time job at larger sites |
| | Configuration of local blocking must be regularly reviewed. | Use of local blocking not critical |
| | Communication to users of the blocking strategy is important (what and why) | Communication to users of the tagging strategy is important (what and why) |
| Good (Bad) | 12 (3) | 2 (13) |
1. Chris Harvey 30/07/2003 15:45:26
Homepage: http://chris.brotherhoodmutual.com
I agree that blocking works well for person-to-person communications. But when I suggest blocking, my boss always brings up the 4 or 5 messages a week that he gets that are legit mass mailings. Some of these are IBM iSeries news type technical stuff and some are just buy.com ads that he requested. These emails could be addressed by a whitelist, but not with the process you described because they are not person-to-person.
Now, I can hear your response "Is the loss of those messages worth getting back the bandwidth, disk space, and time currently wasted by spam?" In my opinion, NO; but for my boss and a few other vocal detractors it is yes.
And that is why whitelists are a hot-button for me, because they would render that disagreement moot and I could just move forward.
2. Chris Linfoot 30/07/2003 15:52:29
Homepage: http://chris-linfoot.net
Your boss the PHB variety perchance?
I had the same discussion with our board and the blocking strategy was unanimously supported.
Anyway, just wait till your first high profile false positive due to mis-tagging of a legit email and then be ready with the argument I made above.
And can I count on your vote in the great Domino whitelist debate? I think we need others (preferably those with lots of Domino seats) to start banging this drum.
3. 30/07/2003 16:01:35
"But when I suggest blocking, my boss always brings up the 4 or 5 messages a week that he gets that are legit mass mailings."
Also, which lists actually block these things? Spamcop? SPEWS, SBL?
Then just don't use them. Just use the DSBL which alone stops c. 40% of our spam, false positives are very rare and in fact non-existent for the categories of mail you described that your PHB wants to keep.
4. John Rowland 13/10/2003 19:42:25
Chris,
I noticed on one of your LDD posts concerning blocking that you used a custom bounce message that included the offending IP address and the list that blocked it. How do you get those pieces of data into the message? The configuration document field seems (?) to be something for a static, not dynamic, message.
Thanks
5. Chris Linfoot 14/10/2003 08:29:39
Configuration document, field "Custom SMTP error response for rejected messages:".
Use %s twice for the variable parts. The first %s is replaced with the IP that was blocked and the second one with the name of the list that caused the block.
For example:
We rejected your mail because the host that attempted to deliver it %s was found in the block list at %s.
Simple, but not well documented sadly
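An added example, not part of the original post or comments and not Domino's own code: a sketch of the blocking flow the table and the comment above describe, where a DNS block list hit at SMTP time yields a 554 reply built from the two-`%s` template, and a clean host gets a 250. The zone name `dnsbl.example`, the addresses and the function names are assumptions made for illustration.

```python
import ipaddress
import socket

# The custom response text quoted in the comment above.
TEMPLATE = ("We rejected your mail because the host that attempted to "
            "deliver it %s was found in the block list at %s.")

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets plus the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def fill_template(template, ip, zone):
    """First %s becomes the blocked IP, second %s the name of the list."""
    return template.replace("%s", ip, 1).replace("%s", zone, 1)

def dns_lookup(name):
    """Live lookup: a listed host resolves, an unlisted one does not."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def smtp_decision(ip, zones, lookup=dns_lookup):
    """Return the SMTP reply for a connecting host (simplified to one reply)."""
    for zone in zones:
        if lookup(dnsbl_query_name(ip, zone)):
            # Blocking: explicit rejection before delivery, sender is told why.
            return "554 " + fill_template(TEMPLATE, ip, zone)
    return "250 Message accepted"

# Constructed sample data: a fake list zone containing one listed address,
# so the example runs offline without touching real DNS.
ZONES = ["dnsbl.example"]
LISTED = {"7.2.0.192.dnsbl.example"}

if __name__ == "__main__":
    for host in ("192.0.2.7", "192.0.2.8"):
        print(host, "->", smtp_decision(host, ZONES, LISTED.__contains__))
```
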
6. Chris Harvey 27/04/2004 17:52:43
Update to my previous comments on this post.
The boss I had last July has recently left the company. We are also so buried in spam that some legit messages have been missed in the JunkMail folder. So, as of yesterday, we are now blocking (not tagging).
I have received several messages of thanks from users this morning.
7. Chris Linfoot 28/04/2004 08:22:33
Outstanding!