Spam Bad – Blacklist Good – Filters Worthless

Okay, more geek stuff. Apologies to the non-geek readers; you’ll just have to wait a few days for more horse news, but I hope it’s worth waiting for. In the never-ending battle against the evil forces of spam, I have put my trust in the goodness of blacklisting, for a number of reasons. Recent experiences with lost mail, combined with a recent discussion on the topic, suddenly awakened me to yet another reason why blacklisting is preferable to the less effective filtering solution.

In a nutshell, filtering involves allowing the spam to be delivered to the recipient’s email server, and then scanning it for clues that might identify it as spam. Blacklisting involves immediately rejecting the mail based on the IP address of the sending server, without receiving it at all or caring about the contents.

Obviously blacklisting is more efficient, as it eliminates the transfer of spam which will later be discarded by a filter. Whether or not it is more reliable is debatable, depending on the aggressiveness of the blacklists or the filters chosen by the recipient. My personal experience is that blacklisting does a better job as well as being more efficient, but your mileage may vary.

Filtering requires the filter to make a decision about what to do with mail that’s identified after delivery as spam. There are basically three choices: silently discard it without notifying anyone, bounce it back to the (alleged) sender, or filter it into a special spam folder to be reviewed by the recipient to be sure it really is spam.

In the past, I would have voted for option 2, sending it back to the sender. The third option, holding it for review, is only marginally better than no filtering at all. The first option is a risk for “false positives” (legitimate messages that are incorrectly tagged as spam). If I send mail that doesn’t reach the recipient because of an over-eager spam filter, I would at least like to know about it. But, as it turns out, I have recently been the victim of option 1, the silent destruction of mail. Kentucky State Government’s email server has apparently decided to discard messages from me, without notifying either me or the recipient. In my opinion, this is unacceptable, but there is a legitimate reason for doing it.

The problem with option 2, bouncing spam back to the sender, is that the return address on spam is usually forged. If it’s a completely invalid address, this is not really a problem. The bounced message goes nowhere, and nobody cares. Unfortunately, the return address on spam is frequently the legitimate address of an innocent party whose address was stolen by the spammer. While I’m ticked off about the stinkin government throwing out my mail, there are worse things that could happen. If somebody sends a million spam messages with my return address on them, which is an easy thing for a spammer to do, I certainly don’t want to get a million messages telling me “my” spam was rejected.

So there’s the dilemma. Notify the (alleged) sender, and risk flooding an innocent mailbox if the sender was forged; or don’t notify the sender, and risk the loss of a legitimate message with nobody ever knowing.

And here’s where blacklisting saves the day, in a way that only recently occurred to me. By rejecting the mail at the time of the attempted delivery, rather than filtering it after delivery, the decision about notification is placed back on the sending server. It knows immediately that the message didn’t get delivered. If it’s a legitimate email server, it knows (or should know) the identity of the sender and can return a rejection notice. If it’s a spambot, it won’t do anything about the rejection, but nobody cares anyway. So if my blacklisting server, which is currently rejecting about 50 messages per day, ever rejects a legitimate message (which I don’t think has happened, but I have no way of knowing), at least the sender will (or should) receive a message from his ISP’s server notifying him that my server rejected the mail. And I’m not running the risk of sending rejection notices to someone who didn’t actually send me anything.

Blacklisting is good. More sites should use it. I wish sites that don’t want my email would tell my server that, instead of accepting the mail and throwing it away. And if they get email with my return address on it from some other server, it won’t bother me at all if they tell that server they don’t want it. An elegantly simple solution.
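The notification argument above can be checked with a small model of who gets told about a blocked message under each policy. This is an added example, not code from the original post; the addresses, IPs and policy names are constructed, and it assumes every policy flags the same messages so that only the handling differs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attempt:
    client_ip: str       # address of the connecting server
    real_sender: str     # who actually submitted the message
    mail_from: str       # envelope return address, which can be forged
    client_is_mta: bool  # True for a real mail server, False for a spambot

# Constructed sample data (documentation IP ranges, example domains).
BLACKLISTED_IPS = {"203.0.113.7", "198.51.100.9"}
ATTEMPTS = [
    Attempt("203.0.113.7", "alice@isp.example", "alice@isp.example", True),  # false positive
    Attempt("198.51.100.9", "spammer", "victim@example.org", False),         # forged sender
    Attempt("192.0.2.25", "bob@example.net", "bob@example.net", True),       # not listed
]

def handle(a, policy):
    """Return (smtp_reply, notices); each notice is (address, who_generated_it)."""
    if a.client_ip not in BLACKLISTED_IPS:  # same verdict under every policy
        return "250 OK", []
    if policy == "reject":                  # refused during the SMTP session
        # The sending side now owns the notification decision: a real mail
        # server tells its own user, a spambot tells nobody.
        notices = [(a.real_sender, "sending server")] if a.client_is_mta else []
        return "554 5.7.1 rejected", notices
    if policy == "bounce":                  # accepted, then bounced to the envelope sender
        return "250 OK", [(a.mail_from, "receiving server")]
    return "250 OK", []                     # "discard" or "quarantine": sender is not told

def summarize(policy):
    """List innocent parties who get notices and real senders left uninformed."""
    backscatter, uninformed = [], []
    for a in ATTEMPTS:
        _, notices = handle(a, policy)
        told = {addr for addr, _ in notices}
        backscatter += sorted(told - {a.real_sender})
        blocked = a.client_ip in BLACKLISTED_IPS
        if blocked and a.client_is_mta and a.real_sender not in told:
            uninformed.append(a.real_sender)
    return {"backscatter": backscatter, "uninformed_senders": uninformed}

if __name__ == "__main__":
    for p in ("discard", "bounce", "quarantine", "reject"):
        print(f"{p:10s} {summarize(p)}")
```

Only `reject` leaves both lists empty: `bounce` sends a notice to the forged address, while `discard` and `quarantine` leave the legitimate sender unaware.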
