Antispam - empowering employees

Chuck Yerkes chuck+baylisa at snew.com
Tue Jul 15 09:46:47 PDT 2003


I'll try to respond in complete sentences and make presumptions
on meaning where you don't bother with pronouns, verbs and what not.

Quoting Alvin Oga (alvin at Mail.Linux-Consulting.com):
> On Mon, 14 Jul 2003, Rick Moen wrote:
> > Quoting Alvin Oga (alvin at Mail.Linux-Consulting.com):
> > 
> > > we(i) don't want tens/hundreds/thousands of users playing with their
> > > own flavor of spam filters ??
> > 
> > And why not?  It's their mail.  
> 
> the other people in the corp has other things to do than
> to fiddle with their spam filters ...
> 	- most all spam should be removed within a few seconds of
> 	work on the mta ...  instead of few seconds or days
> 	of spam filter fiddling at each client's box
> 	( desktop, laptop, home, traveling laptop, etc )

You act like there's a clear delineation of spam/not-spam.

Yup, and supporting 10,000 people where we tag mail > 5 (spam
assassin) but some people don't want their Costco newsletter tagged
and quarantined.  We can mutter "not work related mail" on those
newsletters, but from Staples or from airlines, it often IS work
related mail.

So block at a high, certain threshold.  Tag at a lower threshold.
And quarantine at a certain level.

Some of my users get offended at ANY swear words in their mail and
expect that to be filtered.  Other users regularly swear at each
other in mail (sales guys, lawyers ... "What is this *#&$ that you
put in this last contract?....").  When my users are all the same,
I can set the controls to be the same.  That's not my world.

User controls are ESSENTIAL to 
1) let users make decisions on their thresholds of tolerance.
2) alleviate having to hire lots of people to review several hundred
   thousand quarantined messages each month
3) give users a sense that they have some control of their mail


Your attitude harkens me back to that of old mainframers.

  When I was doing summer database programming on a PC, I needed
  to take wads and wads of accounting data from 200 sites and do
  some math on it.  I asked for access to the big computer for
  this.  The mainframe guys offered me 2 languages I didn't know,
  (SNOBOL and something bizarre - I was well versed in VMS, CDC
  and other large OSs at the time).  They listened to what I needed
  and came back with "it will cost $40,000 to do this."

My boss said, "thanks, but that's too much and we're done."
"What!?"
I'd been looking to spend a day tossing up a FORTRAN program
or something (I'd use perl and it would take 50 minutes on
my laptop now).  I wasn't looking for a room of programmers.

So, in their three week requirement-gathering phase, I broke
the data up into floppy sized chunks and carried them to various
machines and ran my program on 8 machines at night.  It meant
loading them up at 5:30PM and getting in early-ish to get the data
off their hard drives and back to me.  It did it on PC-XTs with a
compiling dBase package.  It got the job done.  It took me very
little actual time on my part.  Gather results in the morning
and dump it on my machine, create the next floppies for that night.



If you treat your users like fools, you can find yourself without users.


PCs replaced desktop mainframe use in a large way because the USER
was able to get work done without dealing with the computational
priesthood.

Windows, in a large part, has replaced Unix because people feel
that it's approachable and, in a large way, someone with not so
much knowledge of computers can put up a Windows Server and install
a couple packages and have Exchange for cheap.  They think it
scales; they think it's cheap; they think it's secure.  They are
wrong on all counts.  But I have yet to see a friendly, say, IMAP
server, even if they get Unix up, targeted at sites with < 5000 users.
That's fewer than 2% of the businesses out there.

So if you want to distance yourself from your users, if you WANT
your users to feel helpless and business to feel that "with this
solution, it depends on our consultant" then keep it up.

However, the products in the rapidly growing anti-spam arena
belie this trend.

Me? I look for tools that make my users more powerful.
When I can empower my users, but at the same time manage the mail
and manage THEIR configurations (don't ever let them turn off
anti-virus scanning, but let them run their own whitelists and
turn up thresholds for things that THEY deem spam for them).


> whether corp email is "their mail" or corp mail and corp IP is
> a separate issue ...
> 	- i say anything done at company time, company property
> 	and company topics/subjects is company's responsibilities

Yup, and I say that I don't hire people because they can type email,
I hire them because they have skills that my company needs.  Email
is an important tool for many of these people to work effectively
and keep my company competitive.  My talents in adapting email systems
to do what my users needed have meant that my company has won 8 figure
deals by being faster and better than our competition was.

> and if they say, they didn't get an important email from tom at some
> customer site.. then what broke ??? 

Hey!  It's logged.
"let me use the web interface to our spam tool's user interface.
 Oh here! You added him to your blacklist."

I got these calls ALL THE TIME even before filtering.  "I sent something
to foo, they didn't get it.  Why not?"  We'd spend several hours
per week (around 0.3FTE) chasing these down. Inevitably, we traced it
all the way through our system and out or all the way into proprietary
mail system.

Best tool?  Something that throws logs into a database and web i'face
that lets users seek mail to/from them and lets non-unix mail admins
seek data without calling me.
Empower the users.

> 	- the mta  or the clients additional spam filters ?
> 
> 	- if other people at the corp got emails from the same customer
> 	site at roughly the same time, then the client's additional
> 	spam filters is suspect ...
> 
> just trying to prevent "it works for me and fails for tom, dick and harry"
> and there's lots of individuals
> 	- i prefer the it works for all or fails for all approach instead
> 	of tweaking for each user

Gee, and isn't this system admin 101?

> lots of various email policy ... for corporations to implement

I'd rather not give people green screens and VMail.  I want my
users to have a rich email experience.  I'll embrace HTML mail
as the choice has been proprietary mail and word attachments.

I'll embrace filtering mail for our own protections - external
image references should be stripped, HTML code should be stripped.
Use of Outlook should be a fireable offence (saw that once to my
delight at a VERY large NYC bank that did the math on recovering
from Outlook attacks and viruses).

I'll embrace giving my users tools to make their work more productive
and keeping mail they don't want out of their face.
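
The tiered policy described in this message (block at a high threshold, quarantine and tag below it, per-user whitelists and thresholds, anti-virus that users cannot switch off, every decision logged), sketched as an added example; it is not code from the post or from any product it mentions. Only the tag score of 5 comes from the message; the other thresholds, the names and the sample addresses are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Site-wide policy. Only the tag score of 5 is from the message; the
# quarantine and block values are constructed for this example.
SITE_TAG, SITE_QUARANTINE, SITE_BLOCK = 5.0, 10.0, 20.0

@dataclass
class UserPrefs:
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    tag: Optional[float] = None         # per-user override of SITE_TAG
    quarantine: Optional[float] = None  # per-user override of SITE_QUARANTINE
    virus_scan: bool = True             # a user may set False; it is ignored

def decide(rcpt, sender, score, has_virus, prefs, log):
    """Pick block/quarantine/tag/deliver and record why in log."""
    # User thresholds apply, but never above the admin-owned block level.
    quarantine = min(SITE_QUARANTINE if prefs.quarantine is None
                     else prefs.quarantine, SITE_BLOCK)
    tag = min(SITE_TAG if prefs.tag is None else prefs.tag, quarantine)
    if has_virus:  # admin-locked: prefs.virus_scan is never consulted
        action, reason = "block", "virus found; scanning is mandatory"
    elif sender in prefs.blacklist:
        action, reason = "quarantine", "sender is on the user's blacklist"
    elif sender in prefs.whitelist:
        action, reason = "deliver", "sender is on the user's whitelist"
    elif score >= SITE_BLOCK:
        action, reason = "block", f"score {score} >= site block {SITE_BLOCK}"
    elif score >= quarantine:
        action, reason = "quarantine", f"score {score} >= quarantine {quarantine}"
    elif score >= tag:
        action, reason = "tag", f"score {score} >= tag {tag}"
    else:
        action, reason = "deliver", f"score {score} < tag {tag}"
    log.append({"rcpt": rcpt, "sender": sender, "action": action, "reason": reason})
    return action

def explain(log, rcpt, sender):
    """Answer 'why didn't I get mail from X?' from the decision log."""
    return [e["reason"] for e in log if e["rcpt"] == rcpt and e["sender"] == sender]

if __name__ == "__main__":
    log = []
    alice = UserPrefs(whitelist={"news@costco.example"}, virus_scan=False)
    bob = UserPrefs(blacklist={"tom@customer.example"}, tag=3.0)
    print(decide("alice", "news@costco.example", 6.2, False, alice, log))  # deliver
    print(decide("alice", "news@costco.example", 6.2, True, alice, log))   # block
    print(decide("bob", "tom@customer.example", 0.4, False, bob, log))     # quarantine
    print(explain(log, "bob", "tom@customer.example"))
```

The whitelist check sits after the virus check on purpose: a whitelisted sender skips spam scoring but never skips scanning.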


