Author: Alan J. Flavell Date: To: Exim-Users (E-mail) Subject: Re: [exim] Defer as a spam filter
On Fri, 4 Mar 2005, Tom Kistner wrote:
> My experiences have been less positive. I like to get my email
> quickly. Some remote hosts (large organizations) have their initial
> retry times set up to 6 hours.
As so often, "it depends on what you're trying to achieve".
Waiting 6 hours would give a good chance of an abusive MTA turning up
in spamcop or cbl (or whatever one uses) if it's going to get
blacklisted at all; and thus push the item's spam rating up to the
point where it would be outright rejected. So I could see *some*
logic in that.
But many pump-and-dump spammers can be repulsed by simply deferring
their first offer. Those kind of senders won't try again, so if the
offering MTA *does* retry, you could accept at once, and still have
kept out a meaningful amount of spam.
(Disclaimer: At the moment, we're not doing either, on the production
system.)
Indeed, quite a few pump-and-dump spammers can be got rid of by simply
delaying for somewhat over 60 seconds at the RCPT stage, without
having to defer at all. Genuine MTAs usually cope with a delay of at
least a couple of minutes, if not the whole 5mins recommended in the
RFC. Of course I don't do this for all offering MTAs: I have a list
of criteria which are taken as at least *indicative* of a suspicious
source, and the ACL then applies this delay.
But of course it's an arms-race. If the majority of sites used these
techniques, the spammers would have to find a way of overcoming them.
The techniques only work as long as you're in the minority, so the
spammers can't be bothered to put in the effort to overcome them.
> But I know that email admins in academia are nearly untoucheable.
By no means: I get a steady trickle of complaints from our users about
spam that leaked through, asking me to implement better defences.
Plus just the occasional complaint about a false-positive rejection.
> That is another matter in real business.