December 27, 2015

In a modern mail environment, there are a number of places where you can block or drop spam. Of these places, in some ways the hardest place to support is rejecting things during the SMTP conversation. It may take gory hacks to get your inbound mailer to do spam checks during the conversation, there's the SMTP DATA rejection problem, and various other problems.

In the past I've written on various good technical reasons to reject at SMTP time, and I certainly (still) believe all of them. Rejecting spam at SMTP time reduces the risk of false positives and will often (although not always) reduce the load on your mail system, perhaps substantially, and so on. But I have to confess that there is an additional reason that I really like SMTP time rejection of spam: I simply find it a lot more satisfying.

However irrational it is, it simply feels better to reject a spam message at SMTP time than to let it on to my systems. Rejecting at SMTP time feels like I am in some tiny little way giving the spammer the middle finger and throwing their own spam back at them. And on the other side, accepting their spam and then throwing it away later makes me feel just a little bit slimed by that spam, even if all steps are automated and the end result is exactly the same. It even makes me feel a bit irritated to accept and then dump spam.

(Part of it is that with SMTP rejections we are visibly registering some sort of objection to the mail, but that's not all of it by any means.)

I'm aware that this is an irrational thing, but rejection at SMTP time just makes me happier. As a result, I'm willing to go out of my way to create mailer configurations and so on that enable us to do this (and enable us to offer this to users as something they can enable).

(I suspect that part of why I find SMTP time rejection to be more satisfying is that it is the right place to do it at a technical level. Accept then drop is clearly technically inferior to rejecting during the SMTP conversation.)

By dozzie at 2015-12-27 08:09:08:

You're actually doing some good to the legitimate senders who are caught by your spam filter. You let them know that their e-mail didn't get through.

At least in Germany this should be common practice as it is basically required by law.

If you accept an email into your system you take responsibility to deliver it. Otherwise it may be "suppression of speech" or something similar.

There were already cases where a sender could prove that the receiver should have got a certain email that was "forgotten" in their spam folder.

Rejecting at SMTP level clearly says to the sender: I do not want to take responsibility for this piece of communication.

Written on 27 December 2015.
