Why silently dropping mail is a bad idea

Those of us who are responsible for filtering mail have a number of options when it comes to filtering spam.  We can do any of the following:

  • Reject it in SMTP with an error message
  • Quarantine the message to cloud storage
  • Mark it with an x-header so that the user can filter it in their mail client without having to log in to a spam quarantine
  • Modify the subject line and do the same as above
  • Redirect the spam to another alias, such as an admin account (don’t know why you’d do this, but some people do)
  • Silently drop the message

These are not all the options there are, but they are the most common.  Of the ones above, the first five are good ideas.  The last one is a bad idea.

Why?

I want you to imagine a situation where you send a snail mail to a friend of yours who is not living close to you.  Suppose you send him (or her) a wedding invitation saying “Come celebrate with us!  Please respond by such-and-such a date so we can add you to our list!”  You send out a bunch of wedding invitations to all of your friends.  You look up their addresses in the phone book (ha, ha, ha, just kidding; I mean the Internet) and write out all of their home addresses, stamp each one and drop them in the mailbox.

Well, weeks go by and you hear back from various people.  Some say they can come, others say they can’t.  Some people don’t respond at all.  Your wedding comes, you have a great time, and you get on with your life.

Until you run into a friend one day who didn’t respond (you forgot to follow up in person because you’re lazy even though the wedding checklists all say you should do this).  “Hey!” you say at the brief encounter.  “Why didn’t you respond to my wedding invite?”

“Huh?” says your friend.  “What wedding invite?”

“The one I sent you in the mail!”

“I didn’t get a wedding invitation from anyone?”

“Sigh,” you sigh.  The Post Office either misdelivered it or it got lost in the mail somewhere.  Yet neither you nor your friend was notified.  For all you know, the mail got there just fine.  For all he knows, you never sent him anything to begin with.  So how would he know to expect it?  Unfortunately, a very important piece of communication went missing and neither sender nor receiver knew that the other missed anything.

It’s for this reason that silently dropping mail is a bad idea.  Because spam filters are not perfect, they will occasionally generate false positives.  If the mail is rejected in SMTP, the sender knows there is a problem right away and can move to correct it.  If the mail is marked as spam by the receiver’s filter, it is delivered to a quarantine or junk mail folder.  Yes, it might take them a little longer to receive it (who checks their junk folder or quarantine every day? No one, that’s who), but at least they can retrieve it eventually.  The mail is still retrievable.
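An added example (not code from the original post or from any particular filtering product) of a disposition step in which every outcome is visible to either the sender or the recipient. The score thresholds, the `X-Spam-Flag` and `X-Spam-Score` header names, the folder names and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy

REJECT_AT = 9.0   # assumed threshold: refuse during the SMTP transaction
TAG_AT = 5.0      # assumed threshold: accept, but mark and route to junk

def dispose(raw_message, score, tag_subject=False):
    """Return (smtp_reply, folder, message) for a spam score.

    folder and message are None only when smtp_reply is a 5xx rejection,
    so either the sender or the recipient always learns the outcome.
    """
    if score >= REJECT_AT:
        # The sending server sees the error and reports it to the sender.
        return "550 5.7.1 Message rejected as spam", None, None

    msg = message_from_string(raw_message, policy=policy.default)
    if score >= TAG_AT:
        msg["X-Spam-Flag"] = "YES"            # assumed header name
        msg["X-Spam-Score"] = f"{score:.1f}"  # assumed header name
        if tag_subject:
            subject = msg.get("Subject", "")
            del msg["Subject"]                # replace, do not duplicate
            msg["Subject"] = f"[SPAM] {subject}"
        return "250 2.0.0 OK", "Junk", msg
    return "250 2.0.0 OK", "Inbox", msg

def is_silent_drop(smtp_reply, folder, message):
    """True when mail was accepted (2xx) but nothing was kept for the recipient."""
    return smtp_reply.startswith("2") and (folder is None or message is None)

# Constructed sample message.
SAMPLE = (
    "From: alice@example.com\n"
    "To: bob@example.net\n"
    "Subject: Wedding invitation\n"
    "\n"
    "Come celebrate with us!\n"
)

if __name__ == "__main__":
    for s in (1.2, 6.5, 12.0):
        reply, folder, msg = dispose(SAMPLE, s, tag_subject=True)
        print(s, reply, folder, msg["Subject"] if msg else None)
        assert not is_silent_drop(reply, folder, msg)
```

`is_silent_drop` can also be run over the results of an existing filter's decisions to flag any path that answers 2xx and stores nothing.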

But if mail is silently dropped, then an important piece of information has gone missing.  Neither the sender nor receiver knows about it.  What’s the receiver supposed to do?  Ask everyone he knows if they sent him an important mail?  What’s the sender supposed to do?  Follow up with everyone they send mail to and ask “did you get my mail?”  That’s ridiculous.  Because of the risk of accidentally eating important mail without anybody ever knowing about it (try troubleshooting that problem), silently dropping mail is a bad idea.  Don’t hide behind the false positive SLA; lost mail is lost mail.  One is too many.

Why would anyone even silently drop mail?  I can think of one reason:  You don’t want to store spam.  Storing it eats up server resources and bandwidth; you are using disk space for junk mail and you want to maximize efficiency.  Well, guess what?  Stop whining!  As of this writing, here is how much free disk space Gmail gives you:

That’s over 7.6 gigs.  Obviously, Google is not worrying about a lack of disk space for a product that they give away for free (although they are charging advertisers for the privilege of your eyeballs).  Google does throw away spam after 30 days but the key point here is that they do it after 30 days – they give you a chance to review it first.

There isn’t a good reason to do silent drop.  Either tell the sender you are blocking it or tell the receiver.  If you tell no one and toss the message, that’s simply irresponsible.