Hi, On Thu, Jun 16, 2016 at 6:35 PM, David Jones <djo...@ena.com> wrote: >>We were also using the senderscore RBL based on Reindel and others > >>recommendations, but disabled it after it just rejected too much ham. > > The senderscore.org RBL scores for low reputation are a pain sometimes > but those senders need to know how to filter outbound email properly > and detect compromised accounts. Senders won't change or improve > if there isn't some pain or motivation.
It can't be my users. I had three levels of management on the phone wanting an explanation as to why messages were being rejected. > This shows a fundamental problem in mail filtering that needs to be > addressed somehow. When a good mail filter blocks email from a > mail server listed on an RBL, who is at fault. The sender blames the > receiving mail filter because the bounce messages aren't understand- > able to the average user. So the sender has no easy way to contact > the recipient unless they use a different email address. Then the > recipient contacts their own support group (us) and we look like > the bad guy for blocking the email when it is really a repuation > problem with the sender that is very hard to get in contact with. > Then if you can get in touch with the sending mail server admin, > they usually don't know enough about how RBLs or mail filtering > works well enough so you have to spend a lot of time showing > them http://senderscore.org or http://multirbl.valli.org/ and > explain what all of that stuff means. Yes, you've identified the exact issue. Perhaps it was the immediate increase in rejected mail that resulted from the senderscore RBL. There was immediate push-back and absolute resistance to being taught the hard way. For example, 212.227.126.135, scores 4 out of a 100 on senderscore. It also currently hits just sorbs. The individual score for each would have to be so low, even with such a poor reputation, that it hardly makes it worthwhile. I can't reject just on the almost worst reputation as you can have or just on sorbs, and the combination of the two isn't significant enough either. Just because the mail server has been compromised or every other piece of email that was received by that system was spam doesn't mean the next one will be. The users look to us to judge only *their* message for what it is, not how it was sent. In other words, they expect us to turn off the reputation filters, RBLs, etc, because the content of their particular email they're waiting on is not spam. The users just don't care. They'll start to subvert the corporate mail system and start using freemail accounts outside of the company before they would see some epiphany and take it upon themselves to have the faulty mail system fixed.
