IP address reputation, BorderWare

Rick Chadderdon mailscanner at yeticomputers.com
Fri Mar 23 21:35:09 CET 2007

James Fagan wrote:
> Has anyone actually lost service (DoS) due to this ?

I doubt that anyone running a serious mail server has actually lost
service due to the minimal impact of this, as yet.

> What are the real costs to other admins other than more log files, and
> hating people like me ?

Please don't trivialize "more log files" or anything else that impacts
the way other people prefer to handle their work flow.  I don't hate
"people like you", either.  I just think that you assume too much about
how much work it's okay for other people to absorb on your behalf. 
Without their consent, I mean.  This line of thought is what leads
spammers to say, "Just hit delete."  They don't want to change something
that's beneficial to them, so they expect us to handle the overflow
work.  Would this list even exist if spam was still at 1995 levels? 
Back then, *most* people I spoke with said, "What's the big deal?  Let
your users hit delete - it's what I do."  Nowadays?  Well, you know the
score now.

> Has anyone actually lost time or money because another server wanted to
> verify if a sender actually existed ? 

Yes.  I have.  I've spent hours more parsing logs than I should have
because there were a ton of SAV log entries.  Money?  Mmf...  Some
people say "time is money."  I don't know if I'd go that far, but I have
certainly lost time.  I don't pay myself any more regardless of how much
time I sit in front of my servers trying to track down a problem.

> Why is the ability to know if a user account is available on a system
> built into many MTA's ?

Because it's not a bad idea on the surface.  Neither are NDRs, if you
leave out the existence of spam.  Or a lot of other features which are
abused by spammers.  Most, if not all, of the top MTAs were designed
well before spam reached anywhere close to the current volume.

> Is SAV worse than any of the probes and scripted attacks ?

No, since most of the users of SAV are not being deliberately
malicious.  Just intrusively selfish.  Hm...  "intrusively selfish" 
There's something weird about that phrase.  :)

> I think I will extend the cache for SAV to two weeks and
> I hope that can take some of the sting out. Besides we are small in
> comparison.

Thanks for making at least that effort.  :)


More information about the MailScanner mailing list