Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

[Matthew Sullivan <matthew () sorbs net>]

Steve Thomas wrote:

> Earlier today, I said:
>  
>
> > Unless you're the final recipient of the message, you have no business
> > deleting it. If you've accept a message, you should either deliver or
> > bounce it, per RFC requirements.
> >    
>
> I just want to clarify that I was in no way suggesting that anyone bounce
> spam - I was merely pointing out that if you choose to 250 a message, you
> have to deliver it. The much better option is to 550 it after DATA if you
> don't like what you see. Silently deleting other people's e-mail should
> never even be considered.
>  

This policy I whole heartedly agree with, and I strive where ever 
possible to enforce this in every place I work, where ever people get 
listed in SORBS for backscatter, I work with them telling them how they 
can do this....

With the current technologies available there is no reason a 
small-medium organisation cannot virus and spam scan mail inline at the 
SMTP transaction stage. (Even the barracuda's can spamassassin scan at 
around 8 messages per second - my previous employment were receiving 
around 4 messages per second - which translated to 1-2 million emails 
per day)

It is possible to do inline scanning in larger ISPs (I personally have 
configured a 'system' to handle upto 90 message per second inline 
scanning) - though it requires a lot more planning, thought, and careful 
consideration.

Regards,

Mat