IP address reputation, BorderWare

James Fagan jfagan at firstlightnetworks.com
Fri Mar 23 18:42:57 CET 2007

> Which is nearly always the case in a "flood".  I don't recall ever
> seeing a spam flood that consisted of ten thousand different spam
> messages to the same name.  Ten thousand different names on the same
> domain?  All of the time.  Even if address reuse in a flood *were*
> common, your response would only apply if all milters and other
> for doing SAV cached the lookups.

My understanding is that milters like SMF-SAV do cache the lookups. So 
if one of your users gets "joe-jobbed" and a spammer sends 10k messages 
to our server, a server using SAV only check the address once, and use 
that data to deal with the rest of the flood.



SAV does cache and it can be configured. I have mine set to hold the
cache for one week. It does this for senders and recipients. 

Has anyone actually lost service (DoS) due to this ?

What are the real costs to other admins other than more log files, and
hating people like me ? 

Has anyone actually lost time or money because another server wanted to
verify if a sender actually existed ? 

Why is the ability to know if a user account is available on a system
built into many MTA's ? 

Is SAV worse than any of the probes and scripted attacks ?

I can see in a way that other systems "should" not interact with a
system that may or not be responsible for a communication, but at some
point there has to be accountability. I think the idea of SPF is good,
but in practice, not so good. Based on some of the strong views
presented here, I think I will extend the cache for SAV to two weeks and
I hope that can take some of the sting out. Besides we are small in


More information about the MailScanner mailing list