Steve Thomas wrote:
Earlier today, I said:
Unless you're the final recipient of the message, you have no business deleting it. If you've accept a message, you should either deliver or bounce it, per RFC requirements.
I just want to clarify that I was in no way suggesting that anyone bounce spam - I was merely pointing out that if you choose to 250 a message, you have to deliver it. The much better option is to 550 it after DATA if you don't like what you see. Silently deleting other people's e-mail should never even be considered.
This policy I whole heartedly agree with, and I strive where ever possible to enforce this in every place I work, where ever people get listed in SORBS for backscatter, I work with them telling them how they can do this.... With the current technologies available there is no reason a small-medium organisation cannot virus and spam scan mail inline at the SMTP transaction stage. (Even the barracuda's can spamassassin scan at around 8 messages per second - my previous employment were receiving around 4 messages per second - which translated to 1-2 million emails per day) It is possible to do inline scanning in larger ISPs (I personally have configured a 'system' to handle upto 90 message per second inline scanning) - though it requires a lot more planning, thought, and careful consideration. Regards, Mat