On 10/24/19 14:22, Jaroslaw Rafa via mailop wrote:
> Protecting against malware is not a spam filter's job; it's a UTM's (firewall's, web proxy's or whatever you use to protect your network) job.
Email messages containing malware are unsolicited. They are bulk in most every case, and by definition they are email.
A spam filter's job is to filter out bulk, unsolicited email. Therefore, it is indeed a spam filter's job to filter out email messages containing malware. Are you making the claim that email containing malware is "legitimate"?
Malware delivered by malicious websites, on USB sticks, etc. is indeed a different problem.
> An antispam filter is not a tool to protect against malware; there are other tools to do that, that are able to identify malicious content pretty well. It is possible to determine whether a message contains actual malware with much larger certainty than whether it is "spam" and there are basically no problems with messages being mis-classified in this aspect. AV software is pretty reliable.
If a message contains malware, it is almost certainly also spam. Not only is it spam, it is often sent from a compromised host to every string that looks like an email address on that host. This makes it trickier for the spam filter because the targets of the malware are likely to have the sender's email and/or IP address whitelisted.
It's not uncommon to have more than one lock on a door, and it's not uncommon to have more than one defense against malware. Spam filters are one such defense. It is far better to block the malware before it's sitting in a user's inbox on the target host than afterward.
--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop