Please stop over-engineering your antispam system

I’m obviously entirely partisan here, having a significant interest in an antispam and antivirus email filtering service called antibodyMX.  That aside, can I please ask you mail administrators to stop making make filtering decisions based on really, really, shonky premises?  Thanks.

Today I responded to a posting on a mailing list for the MTA that antibodyMX is based on.  The point of the the post isn’t really relevant here, save that the sender was seriously suggesting that the list adopt a standards-breaking policy, but I responded citing a technical issue and was surprised when my email to the original poster was rejected.

The reason it was rejected was that the original poster had decided that the presence of the word “adsl” in the DNS-resolved name of the connecting host was an indication of a spam-sending host.  This is an interesting idea, and for the non-technical reader, it’s best summarised as being bollocks.

The reasoning behind this idea isn’t, well, unreasonable.  Most Internet users these days are on some kind of ADSL connection and most use the cheapest ISP they can find. Most forward/reverse DNS entries for IPs in these ranges look like “adsl-1.2.3.4.SomeISP.net/1.2.3.4”. Many of these users have simply no idea about sensible security so thousands of these home PCs are spam zombies. Is it so bad to assume that mail traffic from such ranges is bound to be spam?

Back to my rejected email.  The regular expression rule the mail system owner had decided to use was badly flawed. It decided that my mail server called “olga.hinterlands.org” looked so much like the word “adsl” that rejecting mail from it (hey! all the right letters are there!) was the sensible thing to do.  Subsquent emails went along the lines of “so what if I do <this>?”  “No, that’s broken, too”  “And how about _this_?” “Sorry”.

This worries me for lots of reasons.  Firstly, a lot of perfectly legitimate email comes out of ADSL ranges.  Small companies use these all the time.  Secondly if you must enforce this sort of thing, (your server, your rules after all), at least bother to test your filtering is doing what you expect.   Test the damn thing and don’t make other email administrators have to deal with the fallout from your local policy.

2 thoughts on “Please stop over-engineering your antispam system”

Leave a Reply

Your email address will not be published. Required fields are marked *