IP address reputation, BorderWare

Rick Chadderdon mailscanner at yeticomputers.com
Fri Mar 23 17:22:26 CET 2007


Chris Yuzik wrote:
> Rick Chadderdon wrote:
>> If you get a
>> dictionary spam flood from someone forging one of my domains, I get a
>> connection flood from you while your system tries to validate those
>> thousands of bogus addresses.  Uncool and unwelcome.
> Rick,
>
> I see your point. Perhaps it depends on the order with which these
> checks happen.
>
> My understanding is that our servers don't do SAV unless the inbound
> message is for a real recipient (or alias). We prohibit the use of a
> "catch-all" alias, so a dictionary attack on our server won't really
> have much effect on you. Or am I wrong (we use SMF-SAV with Sendmail)?
> If I'm wrong, and the milter initiates a verification even before
> checking to see if a recipient exists, then I may have to re-evaluate
> our stance.
>
> What do you think? 

I certainly appreciate the effort to minimize the impact of SAV on
others.  I am, however, somewhat of an absolutist when it comes to
certain issues, and I don't like my resources used without my consent,
in a way not required by the act of offering a given kind of resource to
the world.  Now, I suppose it all really boils down to the question of
what "normal" use is.  I'd probably not have a problem with SAV at all
if it was part of the *standard* for email communications.  Then it
would just be something one had to deal with, and those verification
floods would be just another thing to deal with - and blame on the bad
guys.  But it's not.  Maybe it should be.

If Matt makes the changes he spoke of, I'd be a lot less grumpy about
the use of this milter.  Still, if a large provider using SAV were
dictionary-spammed with a joe-job of one of my users, I'd be sharing
their pain, quite unwillingly, simply because of the number of valid
addresses they'd hit.  I *have* had days where my logs were so full of
SAV junk that working with them was made far more painful than it needed
to be.

I also don't like the fact that my logs are full of portscans, but those
guys don't step out where I can tell 'em how I feel.  :)

Rick


More information about the MailScanner mailing list