[Dovecot] [ot] spam

Ken A ka at pacific.net
Tue Sep 26 21:20:10 EEST 2006 


/dev/rob0 wrote:
> On Tuesday 26 September 2006 11:57, Matt wrote:
>>> In general, I agree - but once you've seen ASSP in action, you'll
>>> never look back.
>> Does ASSP support vhosted mailboxs? Can I allow each user to
>> configure their own white/black lists like spam assassin allows?
> 
> This is going way off topic ... okay, not going, it's gone. :) But I 
> contribute to the problem by tossing out this bit:
> 
> I don't see the point in per-user spam controls. Spam is spam. If a 
> site's sending out UBE, that is a spam site, period. Block it.
> 
> Spam is not "mail that $USER doesn't want to see". Spam is UBE. If  
> $USER subscribed to something and confirmed it before the mailings 
> started, that's not spam. If $USER happens to be interested in the 
> stock tips or pharmaceuticals or other such spammer spew, it's STILL 
> spam, and should be treated as such.
> 
> Furthermore, users rarely understand how mail works. They think that 
> sender addresses really mean something. You got spam from some sender 
> address, so you should blacklist that address? Well duh, it probably 
> wasn't really that sender. Maybe you just blocked a real person, an 
> innocent victim of spammers.
> 
> Whitelisting by sender address is just as bad for the same reasons. 
> Suppose you whitelist an Outhouse Distress user who gets a virus, and 
> the virus goes out to everyone in the address book.

I'd disagree with this point. A spam whitelist doesn't have to allow 
viruses to pass. Also, most automated server side anti-spam systems, 
especially those that are content based, like SpamAssassin, need per 
user whitelists to allow the system to adjust to the needs of individual 
users. This may not be true for Corporate users, where policy reigns 
supreme, but for a general email provider, like an ISP, per user 
whitelists are a necessary evil. Without them, content based filters 
would have to be very lame.

Ken A.
Pacific.Net


> End users occasionally discover the great FUSSP of C/R systems ... and 
> thus join the legions of spammers. All out of ignorance. Spam 
> "solutions" implemented by people who don't understand spam and SMTP 
> always make the problem worse for everyone.
> 
> I'm not paternalistic, at least I don't think so, but I'd like to see 
> movement away from user spam controls and toward *clueful* server-side 
> spam abatement. Maybe that would indeed be a FUSSP? No telling, because 
> it will never happen.

More information about the dovecot mailing list