Spam Filtering

In an attempt to reduce the amount of incoming junk mail, many organizations have adopted the approach of having their SMTP server do spam filtering.

My feeling is that this is a bad idea, because there is no reliable way to guard against false positives.

In fact, I ran up against precisely that problem recently: One of the people I carpool with works for the city of Pasadena. One day last year, all my messages to her stopped getting delivered. To make a very long story short, the city uses some commercial spam-filtering package, and all of my messages were suddenly being (mis)identified as spam, and discarded! The people who look after the city's mailserver never did figure out why my e-mail (which typically are simple “what time are we rendezvousing for the drive home?” sorts of stuff) was being considered spam, so they put in a kludgy workaround, a special exception rule for messages from my domain. But one wonders how many other people are sending e-mail to the city of Pasadena, and having their messages flushed down an e-drain.

So the approach we've taken at CACR is to have the SMTP server do spam tagging, but deliver all mail to recipients; then individuals can configure their mail client to deal with potential spam as they see fit. This has worked well, and it's unlikely that we'll have our mailserver do active spam filtering.