I spent most of today sorting out and documenting changes we;re planning to make to our mail handling at the hospital. We’ve been upgrading some of the edge servers recently, and have had a fair number of requests for us to do something about spam. We’ll be inserting a machine running Spam Assassin between the edge mail hosts and our MS Exchange server.

One of the decisions I had to make was was whether or not to use RBLs. I’ve personally been opposed to the idea since I first heard of them, because I don’t like the idea of innocent individual sites and users getting caught in the battle against spam. I understand the reasoning behind the RBL operators wanting to put pressure on ISPs, but don’t agree with the principle of applying that pressure by preventing innocent users from sending email to sites using RBLs. To support my decision, I linked a copy of The SPAM Problem: Moving Beyond RBLs, which I recalled reading 18 months ago into our document. Philip presents a thorough case for not using RBLs in the fight against spam.