Michel,
I really do not know what to say, other than I rather pass the pain of sorting out spam to the end-client. Clients then will complain that they are getting too much spam, so I bring the filters on the email server up - now they are not getting important emails.

Example:
One of my clients received about 200-500 email inquiries DAILY, but out of those only 10 - 20 were real emails - the rests were spam or had a virus load. The problem was that their email address was on their website and we could not filter since some came from overseas and for some reason they tend to trigger the spam filters. On the last redesign of their web site we took all email addresses off, but provided a robust inquiry form (we also provided address, fax, and phone numbers) that told users not to send any confidential information this way. In addition, based on the type of inquiry the message is routed to the right recipient, instead of having a catch-all account that had to be managed. Traffic is down t0 10 - 20 legitimate inquiries daily, and about 5 legitimate land in the old email address weekly. Problem solved on the recipient side.

So, which side of the email chain do we place the burden? Should senders be validated before their email is passed forth, or should the receiver be forced to filter their email? And from an organizational perspective, what level of risk is the organization willing to take if per chance a 'bad email' gets loose in their organization, or they miss out on a deal due to spam filtering?

Me? I want ALL my email, I will deal with spam and bad stuff, and if I want that Word document so badly, then I know how to get it. Unfortunately about 80% of users can not make an informed decision, but then that is why I have a job and it is not theirs.



>>Point well taken!! I am having trouble just mentioning MS on this, since a lot of vendors are tightening security around email
>>(GMail doesn't even let you send ZIP files, for example). Other vendors put such a tight security policy in their email
>>servers that it just 'deletes' emails that are suspicious independently of the end-user. I have encountered this issue with
>>email servers that do not even notify the sender that a 'bounce' has taken place (UNIX/LINUX/MS... regardless of platform).
>>And Act has fits over PDF files, not to meintion its love to unsiggned MS Office documents (those are the ones that will kill
>>you with malicious code/worms/virii). Also, those self-appointed sites that most email servers access to check the validity of
>>a domain (I can basically put an anonymous complaint in a couple of those that will cause a domain or outgoing mail server IP
>>to be blacklisted automatically on may big email gateway, such as AOL, timewarner, 1and1, etc.) http://ordb.org/lookup/
>>or http://www.spamcop.net/bl.shtml for example - they also work off IP addresses instead of domains.

>This topic is very interesting. Some mail servers could delete, as mentioned, email, and some of them could be really important
>email that the received will never received and no one would even know what happened, or what was suppose to be received. I can
>see right now a lot of serious problems in the corporate infrastructure assuming such case.

>I have observed some issues right now that I don't really like:

>1. As you mentioned, some mail environments don't let you send or receive ZIP files
>2. If you include some HTML in your email, that could be interpreted as SPAM immediately
>3. Some email software cannot interpret simple HTML tags occasionnaly which is causing some problems
>4. As mentioned, important emails get lost and nobody knows what ever happened