rejecting spam at SMTP time

Vernon Schryver vjs@calcite.rhyolite.com
Wed Apr 28 22:10:43 UTC 2010


> > Why was that message not rejected during the SMTP transaction?
> > Checking for spam after telling the mail sender that the message has
> > been accept is a bad, albeit very popular mistake.  If the filter
> > suffers a false positive and dumps a legitimate message in a "spam
> > folder" then the message s likely to disappear.  Your mother will think
> > you're snubbing her.

> From: "Chris Aseltine" <ophidian@newsnation.com>

> I thought of another reason why this might not work.  A lot of times when I
> sign up for some service, they send me an email to verify my account.  Many
> times, their SMTP server (the one sending me the confirmation message) is on
> somebody's blocklist.  If it got rejected, the web site thnks I gave a bogus
> email address.

That assumes facts that are not in evidence and that I think are generally
false including:

 1. A legitimate mailing list will be on "somebody's blocklist" and
     so the subscription confirmation will be rejected.

     There are DNSBLs that list large swaths of the Internet, but if
     you're using any of them, you care less about receiving legitimate
     email than about counting coup.  In this case you should prefer
     rejections during the SMTP transaction, because you can't really
     count coup when your target doesn't feel the hit from your coup
     stick.  On the other hand, if you don't use kooky DNSBLs, your new
     mailing list is probably not blacklisted.


 2. "Web sites" care about rejected subscription confirmations messages.

     Legitimate mailing lists should care about receiving replies to
     subscription confirmation messages via SMTP or HTTP, but I've never
     heard of one that cares about a 5yz rejection of a confirmation.


 3. You can't respond to a subscription confirmation that has been rejected.

     If you use the DNSBL support in dccm or dccifd (and probably other
     software, but this is the DCC mailing list), the rejection does
     not happen until the end of the DATA command.  If you have configured
     dccm or dccifd logging reasonably, the subscription confirmatil
     will be in the target user's log directory.  It takes only a little
     extra effort to respond to a confirmation request in your DCC log
     directory.


 4. The situation is better if the legitimate mailing list is on
     "somebody's blocklist" and your mail system discards hits
     instead of rejecting them.

     *ALL* filters have false positives, including your manual scanning
     of your "spam folder."  If you are not a coup counting kook, then
     the mailing list is unlikely to be on somebody's blocklist unless
     it looks bad.  If it looks bad, then the manual mental machinery
     you use to scan your spam folder is likely to also suffer a false
     positive, you won't confirm the subscription, and it doesn't matter
     whether your mail system rejected or discarded the confirmation request.

     You might object that you'd think "It's been a week.  Why haven't I
     received a subscription confirmation?" and search your spam folder
     with `grep` for the confirmation request.  In that case, see #3 above.
  

Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.