At 09:53 PM 1/21/2004, you wrote:
TC> Date: Thu, 22 Jan 2004 12:30:43 +1000 TC> From: Tom Cameron TC> I agree with this too. My practice is to not block the spam but to deliverTC> it with an adjusted subject line so that the client can filter out the spamTC> at their end. This does not reduce my server load but it does help the TC> client. I'm using SpamAssassin for this. TC>TC> The main reason I do this is for legal reasons. As a hosting company I haveTC> a duty to my customers to deliver their mail. While I don't make any silly TC> 100% guarantees, I do consider this a duty I must aim to fulfil. If I wereTC> to decide what mail a client gets or does not get then I could be breaching TC> my responsibilities and potentially subject to litigation. It would be likeTC> US Post opening up all your mail and deciding which ones you want to get - TC> naturally you would be pretty pissed if that happened. The USPO doesn't blindly deliver all mail. If a package is suspicious, it probably won't get through. Mail with insufficient postage isn't delivered. Mail fraud and certain abuses are illegal. ISPs invest in equipment and bandwidth. IANAL, but what I've seen seems to indicate that the courts have understood ISPs' need to protect their investment. That said, I agree that attempts to autosort (BMF, BogoFilter, SA) provide much better results. However, some customers want blacklists... if a customers wants to use them, and understands the issues, one should be fine. But, again, IANAL.
I pretty much agree with Eddy on the resource thing - it's our network, we'll work to our customers' best advantage, but in the end, it's OUR hardware and OUR bill for bandwidth. If we end up manually blocking IP blocks, using block lists, or even rejecting email from TLDs, or ccTLDs, then that's OUR prerogative - we pay the bills.
For the record, we use MailScanner and various rbls to tag and release email (subject tag), and hard block specific offenders, PLUS temporary and occasionally PERMANENT ccTLD blocking. Is this likely to EVENTUALLY block a legitimate spam?... yes. Are my clients likely to get legitimate email from Lithuania.. no! In several years of running MailScanner, we've had TWO complaints and hundreds of thousands of e-mails pass through. I like those stats - they show we're doing it basically right. We're trialling SpamAssassin and Razor2 on our own domain, this will probably become the standard across all servers in a week or so, once I've fine tuned the scores in local.cf - it's catching tons of spam, and getting better all the time!
Interested in who complained? A client who had a holiday villa in the south of France - he used Wanadoo.fr - we have them on PERMANENT block because they fail to respond to requests and complaints about their servers being abused by spammers. Do we plan on un-blocking them... nope - I doubt they will reforms, so they are black holed to us. Once the client was told why they were blocked, he kind of understood, we unblocked wanadoo for about an hour and collected 20 or spams, then blocked them again. Showed the client the spams and told him to change ISPs while sunning himself, or move hosting company to someone who could tolerate the spam passing through wanadoo.
In the end, you have to come up with a policy that suits YOUR BUSINESS - and it's not right for any contributor on this list, or any other list, to start laying down their interpretation of how they think spam should be handled - it's up to individual businesses to find their own path - tools exist - .. quit bickering and concentrate on the problem... ;{)
G H-L