Re: [Exim] Local users spam filtering

On Thu, 18 Dec 2003, Pat Lashley wrote:

> Not spam filtering for local->local usually makes sense.
>
> Not filtering outgoing messages can save resources; but your
> users should be aware that their messages are quite likely to
> pass through a spam filter on the receiving end; and those
> filters are likely to just drop any message with a high spam
> score.

Then there's the worry about trojan-infested clients on one's site,
which have the potential for the trojan to "call home", pick up
spamming instructions, transmit the spam via the client user's
pre-configured mail server (which would be your site's official mail
relay, if you follow what I mean), and before you know where you are,
your mail relay is in Spamcop. (There seems to be some evidence that
this has happened already in some .edu domains.)

[..]
> user know that their message had a high spam score, and if allowed
> through might run afoul of the recipients' filters. If the bounce
> also contains the Spam Report from SpamAssassin, they will be
> able to see what they did that caused the high score; and attempt
> to correct it.

OK. This, however, tacitly assumes that sites will be applying very
similar spam-rating rules. Not only is that not the case, in our
experience: sites that we deal with have some very different ideas
about mail abuse controls - but also, it wouldn't even be a good idea,
since if everyone was using the same set of rules, the spammers would
have a very easy life bypassing them.