|Jeremy Hylton : weblog : 2004-01-24|
Saturday, January 24, 2004
Mailman has been disabling me from its list because it is sending me spam. The mail servers at alum.mit.edu recently install a spam filter, so Mailman receives SMTP errors when I tries to deliver spam that comes through a list. After a certain number of errors, Mailman decides my address is undeliverable and disables delivery on that address.
I spoke briefly with Barry, and he agreed that Mailman ought to have better heuristics for bounce handling. He mentioned that one project he works on sends a probe message after a certain number of bounces. If the probe fails, then it disables delivery. It seems like another heuristic might have to do with percentage of messages reject. For most of the lists, there is more ham than spam and the ham all gets through. For low-traffic lists like meta-sig, it may not work; there could be more spam than ham on the list. (I've got my own spam filter, so I wouldn't know.)
Why does Mailman bother with disabling accounts for bounces? As long as Mailman prevents the bounces from getting delivered to the list administrator, who cares? I don't actually think Mailman should deliver to all address regardless of whether they bounce, but it's an interesting question. In the extreme, Mailman could produce a large volume of undeliverable email that is wasteful of resources on both servers. But what if it had a very conservative poliy, say, disable an account if it bounced every message in the last month or last 100 messages (whichever is longer). How wasteful would that be? Considering the great volume of mail through python.org on a daily basis -- about 900MB of email delivered on a typical weekday -- the bounces are probably a small fraction of the problem.
The Mailman vs. spam filters dilemma is a real one, though. If an ISP provides spam filtering, what can the typical user do? I'm surprised that I haven't heard about the problem before. Perhaps most ISPs mark messages as spam but don't actually reject them.