> you can very easily tell what should or should not be flagged for review > with the most granular rules, anything with virus attachments should NEVER > get to the user, period, ever. Id rather have 100 false positives for > viruses than my network get turned into a zombie because I threw my users to > the wolves.
Wrong thinking. It is not your task to determine whats a valid email and whats not for users - period! You rather having 100 false positives doesn't make it right - on the contrary. Only the user can decide what is right and what is wrong email for him or her - period. Protecting the network from getting turned into a zombie, as you call it, has nothing to do with the above. And if you think, even in the least, that your network is protected because you screen email for viruses you're facing much more serious trouble and users should not use your network at all. > Also as best practices state, you never discard messages because you flagged > them as spam unless you have a valid high confidence threat on them such as > a well known virus, you flag them and let the user determine what to do with > said flagged mail, but virus spam should always be dealt with much sooner > than on the users machine. If a payload has reached the user you are already > too late to deal with it. \ Yeah.. that's the modern practice now a days alright, but that doesn't make it right. > > On Wed, Apr 30, 2014 at 8:58 PM, Martin Braun <[email protected]> > wrote: >> >> > In theroy that idea isnt even that great, and in practice a hygene >> > server is >> > a better place to do the most course obvious spam. There is stuff that >> > is >> > very obviously not wanted such as items coming from rouge servers that >> > we >> > can prove thanks to SPF or Sender-ID being setup correctly. >> >> Validating that SPF or Sender-ID has been setup correctly - great when >> it works, not so much about fighting SPAM more about fighting bad >> admins. SPAM gets through still though. In many cases of SPAM it's the >> user account that has been cracked and the spammers are using full >> valid SPF and Sender-IDs, heck it's even signed with DKIM too. >> >> > There is no >> > reason that a server that can verify that another server has no right to >> > send should pass on a potentially risky email to the user, it is >> > actually >> > very irresponsible to do so especially since you are going to treat a >> > user >> > that may have no clue about email headers as an idiot because they >> > clicked >> > on a message that if you had a script take two milliseconds to look at >> > could >> > have told you it was spam. >> > Not everyone is a computer scientist, and stuff that is obvious should >> > be >> > dealt with long before your users have to deal with it manually. >> >> You're missing my point. You cannot determine what "stuff" should be >> dealt with on account of your users. Period. One single "false >> positive" is enough. >> >> > >> > On Wed, Apr 30, 2014 at 6:59 PM, Martin Braun <[email protected]> >> > wrote: >> >> >> >> IMHO spam should be dealt with only on the client, not on the server. >> >> It is not the task of the server to determine what is spam and what is >> >> not. I know everyone does it, I used to do it too, but it is wrong. >> >> >> >> 2014-04-26 16:26 GMT+02:00 Stéphane Guedon <[email protected]>: >> >> > Le samedi 26 avril 2014 07:20:19, vous avez écrit : >> >> >> Hi John, >> >> >> >> >> >> At 06:04 26-04-2014, John Cox wrote: >> >> >> >Unfortunately the whole point of SPF (unlike Sender-ID which works >> >> >> >much better and on much the same principles) is that you can reject >> >> >> >the message before receiving it so you wouldn't have the DKIM stuff >> >> >> >(which I think requires you to have the entire message?). >> >> >> >> >> >> SPF allows processing using envelope information. DKIM processing >> >> >> can only occur after the entire message has been received. >> >> >> >> >> >> Regards, >> >> >> -sm >> >> > >> >> > I am myself in need for a good antispam solution with opensmtpd. >> >> > >> >> > if dkim (which I don't use yet) and spf are not really working, >> >> > what's >> >> > the good way (I am already using spamd, not enough !) >> >> >> >> -- >> >> You received this mail because you are subscribed to [email protected] >> >> To unsubscribe, send a mail to: [email protected] >> >> >> > >> > >> > >> > -- >> > Jason Barbier | [email protected] >> > Pro Patria Vigilans >> >> -- >> You received this mail because you are subscribed to [email protected] >> To unsubscribe, send a mail to: [email protected] >> > > > > -- > Jason Barbier | [email protected] > Pro Patria Vigilans -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
