IP address reputation, BorderWare
Rick Chadderdon
mailscanner at yeticomputers.com
Fri Mar 23 17:22:23 CET 2007
Kevin Miller wrote:
> Rick Chadderdon wrote:
>
>> Kevin Miller wrote:
>>
>>> If I can spend a nickle to not have to spend a dime it's worth it
>>> every time...
>>>
>>>
>> The problem comes when you start spending my nickles without asking.
>> Which is exactly what sender address verification does.
>>
>> Rick
>>
>
> It depends on the spam flood. SMF-SAV caches the lookups, so if the
> from address is reused on the inbounds, it only has to do a single
> lookup. If they use a new from username, then yeah, your server gets
> pinged multiple times.
>
Which is nearly always the case in a "flood". I don't recall ever
seeing a spam flood that consisted of ten thousand different spam
messages to the same name. Ten thousand different names on the same
domain? All of the time. Even if address reuse in a flood *were*
common, your response would only apply if all milters and other methods
for doing SAV cached the lookups.
> But the thing is, if spam is dropped before it is sent, it diminishes
> "internet background noise". You benefit from that, along with
> everybody else.
No, I don't. Nobody benefits from the spam you reject other than
yourself. And if you reject spam using my resources, you're *creating*
background noise, at least on my server. If you are suggesting that a
cooperative use of this technique by everyone would reduce overall
Internet bandwidth usage and perhaps lower the prices that providers
charge for said bandwidth... Well, that theory would take quite a bit
of work to support. A T1 today costs probably an eighth or less of what
it did when I first had to price one and that is not because bandwidth
usage has dropped.
> We all pay a little, and receive a greater synergestic common good...
>
Before I'd consider this a valid argument, I'd want to see some evidence
that the bandwidth you and the spammer save from the use of SAV actually
contributes *anything* to a 'common good'. My impression is that it
benefits only the user of the technique. Even at that, I'm
philosophically opposed to the non-consensual use of the resources of
others. I even feel slightly guilty about the use of greylisting
because I'm asking other servers to make two delivery attempts the first
time they send mail to a domain I control. I only justify it by
remembering that they're initiating the contact. They can choose *not*
to resend (and some do) and they can set their policies as to whether
they want to talk to servers that use greylisting. In the case of SAV,
nearly all of the time you're harassing a server that never tried to
talk to you.
Rick
More information about the MailScanner
mailing list