Why silently dropping mail is a bad idea
As someone who is responsible for filtering mail, there are a number of options that we have when it comes to filtering spam. We can do any of the following:
- Reject it in SMTP with an error message
- Quarantine the message to cloud storage
- Mark it with an x-header so that the user can filter it in their mail client without having to log in to a spam quarantine
- Modify the subject line and do the same as above
- Redirect the spam to another alias, such as an admin account (don’t know why you’d do this, but some people do)
- Silently drop the message
These are not all the options there are, but they are the most common. Of the ones above, the first five are good ideas. The last one is a bad idea.
Why?
I want you to imagine a situation where you send a snail mail to a friend of yours who is not living close to you. Suppose you send him (or her) a wedding invitation saying “Come celebrate with us! Please respond by such-and-such a date so we can add you to our list!” You send out a bunch of wedding invitations to all of your friends. You look up their addresses in the phone book (ha, ha, ha, just kidding; I mean the Internet) and write out all of their home addresses, stamp each one and drop them in the mailbox.
Well, weeks go by and you hear back from various people. Some say they can come, others say they can’t. Some people don’t respond at all. Your wedding comes, you have a great time, and you get on with your life.
Until you run into a friend one day who didn’t respond (you forgot to follow up in person because you’re lazy even though the wedding checklists all say you should do this). “Hey!” you say at the brief encounter. “Why didn’t you respond to my wedding invite?”
“Huh?” says your friend. “What wedding invite?”
“The one I sent you in the mail!”
“I didn’t get a wedding invitation from anyone?”
“Sigh,” you sigh. The Post Office either misdelivered it or it got lost in the mail somewhere. Yet neither you were notified nor was your friend. For all you know, the mail got there just fine. For all he knows, you never sent him anything to begin with. So how would he know to expect it? Unfortunately, a very important piece of communication went missing and neither sender nor receiver knew that the other missed anything.
It’s for this reason that silently dropping mail is a bad idea. Because spam filters are not perfect, they will occasionally generate false positives. If the mail is rejected in SMTP, the sender knows there is a problem right away and can move to correct it. If the mail is marked as spam by the receiver’s filter, it is delivered to a quarantine or junk mail folder. Yes, it might take them a little longer to receive it (who checks their junk folder or quarantine every day? No one, that’s who), but at least they can retrieve it eventually. The mail is still retrievable.
But if mail is silently dropped, then an important piece of information has gone missing. Neither the sender nor receiver knows about it. What’s the receiver supposed to do? Ask everyone he knows if they sent him an important mail? What’s the sender supposed to do? Follow up with everyone they send mail to and ask “did you get my mail?” That’s ridiculous. Because of the risk of accidentally eating important mail and nobody will ever know about it (try troubleshooting that problem), silently dropping mail is a good idea. Don’t hide behind the false positive SLA; lost mail is lost mail. One is too many.
Why would anyone even silently drop mail? I can think of one reason: You don’t want to store spam. This eats up server resources and bandwidth; you are storing disk space for junk mail and you want to maximize efficiency. Well, guess what? Stop whining! As of this writing, here is how much free disk space Gmail gives you:
That’s over 7.6 gigs. Obviously, Google is not worrying about a lack of disk space for a product that they give away for free (although they are charging advertisers for the privilege of your eyeballs). Google does throw away spam after 30 days but the key point here is that they do it after 30 days – they give you a chance to review it first.
There isn’t a good reason to do silent drop. Either tell the sender you are blocking it or tell the receiver. If you tell no one and toss the message, that’s simply irresponsible.
Comments
Anonymous
August 14, 2011
The comment has been removedAnonymous
August 14, 2011
The comment has been removedAnonymous
August 15, 2011
The comment has been removedAnonymous
August 18, 2011
It's not the space. It's the fact that someone has to look at those and if you can get rid of messages with a 99.999% accuracy then go for it. I seriously doubt that Google delivers all mail to me. I run a mail server at work and I get a ton of foreign language based mail in my spam device. I also receive really poor formatted English emails as well. I receive none of that in my gmail spam folder. I'm almost positive that if a spam server in China tries to send mail to Google they cut them off before they get a chance. I do this as well and by blocking a few hundred ip ranges I'm brought my spam down from 45,000 a day to 5,000. Just my two cents.Anonymous
October 22, 2015
The comment has been removed- Anonymous
July 06, 2016
We are a small local soccer league and silently dropped emails have been a nightmare for us. A few of our players using hotmail/live/outlook email addresses are not receiving our emails. Some missed this season's registrations because of this. We are a small non-profit league run by volunteers and with very limited resources. We were using a cheap, shared hosting service for web and emails. It took us a while to realize that our emails were not received by some users. We spent many hours researching and trying to fix this. We still have problems even though we implement all good practices to ensure deliverability (DKIM, DMARC, SPF, compliance with anti spam legislation here in Canada). We also moved to a vps server with static IP address (IP with good reputation and not listed in any RBL). We also tried marketing campaign services. We contacted Microsoft in order to resolve the issue and they said that the problem was related to our "unfamiliar" domain name (I can't remember the exact term they used). We send about 10 emails a year to around 75 members!!! I understand that spam is a big issue, but I don't think it's right to completely block emails. From what I understand, the goal of DMARC is to help domain owner to know how the emails from their domain is handled by receiving servers. However, we found that it is very hard to make sense of the XML reports.
- Anonymous