On Fri, Jun 26, 2009 at 15:23, LuKreme<krem...@kreme.com> wrote: > On 26-Jun-2009, at 14:54, Charles Gregory wrote: >>
>> I don't care. It's the *meaning* that matters. Not the *word*. > > Fine, then, the meaning. Your meaning is *wanted* and my meaning is mail > from a verifiable source with a verifiable (fixed) IP, correct rDNS that is > authorized to send mail and does not appear in the zen RBL. It also has to > helo with a legitimate hostname and the rDNS cannot contain strings like > 'pool' or 'dynamic' or 'dialup'. It seems to me that this is "legitimate messages" vs "legitimate hosts". Each mail admin, and organization, has to determine the cost of deciding how to handle the signal to noise ratio generated by different classes of hostss. When a given single host is submitting a high ratio of spam+viruses+phishing+etc. vs legitimate messages, at what point is the cost of accepting its messages no longer justified in order to obtain those legitimate messages? That's the question that motivates implementing Spam/Open-Relay/etc. type black holes at the SMTP level. PBL is similar, except that you're not considering a single host, you're considering an entire class of hosts (dynamic hosts, end client hosts, etc.), whose individual submission rates might be quite low, because they're being leveraged by a well run/configured botnet. But, the question is still the same: what is the value of accepting message submissions directly from those hosts, compared to the cost of doing so? Obviously my site targets dynamic hosts quite aggressively (we utilize both the PBL and the Botnet plugin). We've had VERY few complaints about Botnet. We've had ONE complaint about the PBL since we started using it (the minute it became available). Yet, implementing these measures significantly altered our spam/virus/etc. load. We feel the cost/benefit analysis doesn't justify letting those sites have direct access to our SMTP prompts. And, I say that as a site with LOTS of vocal "don't block ANY of our mail!!!" users. We don't have the most cooperative of user bases (we have users who have blocked our effort to save disk space by routinely cleaning old messages out of trash folders ... because they use their trash folder to store important messages *boggle*). Yet, we didn't get push back, nor a wide base of complaint, about this issue. It sounds like Charles' user base and cost/benefit analysis is different, and that's fine. But my point here is: legitimate isn't just something that varies from mail-admin to mail-admin, and user to user, it's also a difference in whether you're talking about messages vs submitting hosts. Blocking a host as being illegitimate doesn't mean "it submits 0 legitimate messages". It means it doesn't submit enough legitimate messages to justify the number of illegitimate messages it is sending (or is likely to send, based upon whatever reputation/policy got it black listed). Just as with the definition of the PBL, the site admin needs to understand that block lists are about legitimate hosts, not legitimate messages.
