IP address reputation, BorderWare

[Rick Chadderdon]

Res wrote:
> On Fri, 23 Mar 2007, Kevin Miller wrote:
>
>> Bandwidth that isn't used by a spammer is bandwidth that is available
>> for your users to use.  No magic there.  Think freeway - would you
>> rather drive it under rush hour conditions or 3am conditions?
>>
>
> And since 75% of all internet pkts these days is spam your point is valid.

Hardly.  I've still seen nobody provide any evidence that any of this 
insane spam bandwidth directly affects the experience *any* of us have 
on the 'net.  (Indirect effects, I mean.  Obviously spam we receive 
affects us.)  Kevin suggested that the last mile wasn't important, but 
that's all that *is* important to any consumer.  If I'm getting what I 
pay for, and the price is one I'm willing to pay, as a consumer I *don't 
care* how much of the bandwidth I'm *not* getting is being used by 
spammers.  In fact, to be fair, if the 75% figure is true then it's 
fairly safe to say that we'd be paying *more* for our bandwidth if the 
spammers hadn't placed such a demand on the infrastructure that it had 
to be improved and the amount of bandwidth available increased.  Without 
them, the providers would still be charging us the old rates.  I don't 
see anyone lining up to thank the spammers for making home broadband 
affordable.  I remember a decade ago...   At home, I was paying about 
five times what I currently pay for 10 megabits - just to get 
dual-channel DSL. (128K)

> SV is no worse then grey-listing in fact probably LESS, it causes more 
> retries and bandwith yet nobody seems to have a problem with those 
> that do
> that.

I mentioned that I had some misgivings about greylisting.  The most 
important difference from a moral viewpoint is that greylisting only 
affects people who are directly connecting to me, deliberately.  SAV 
affects people who never tried to mail me.

> It's simple, if anyone is so concerned about a few extra bytes of 
> traffic in SV, you can solve all of your paranoia simply like this
>
> telnet core
> conf t
> access-list 191 deny tcp any any eq 25
>
> int FastEthernet0
> ip access-group 191 in
>
>
> ..there all your problems have now gone away :P

None of my routers are named "core".  :P 

I think I've made it clear that it's not the volume of usage that 
bothers me (although there have been days where I've gotten more 
connections from a SAV flood than I did legitimate delivery attempts). 
It's the thoughtless, selfishly justified actions of people who think 
it's ok to hammer my server because it saves them bandwidth.  Kevin's 
"community Internet" theory aside, there is no tangible benefit to 
*anyone* other than the user of SAV, and he's using the resources of 
others to attain that benefit.  Anyone sophisticated enough to configure 
SAV also already has their system configured *not* to send NDRs after 
the SMTP transaction.  I hope.  In any case, it's not the amount of 
resources being consumed that bothers me - it's the fact that they're 
being used at all in a way that only *arguably* benefits me, without my 
consent, and that even with the awareness that there are people (even if 
it's only me, and I guarantee that it's not) who would prefer that you 
didn't do it to them, you'll do it anyway.

Your above solution would also solve your spam problem, but here you 
are, with the rest of us, working to eliminate spam from our users lives 
- instead of just telling them to "deal with it."

Rick