IP address reputation, BorderWare
Rick Chadderdon
mailscanner at yeticomputers.com
Thu Mar 29 19:29:08 CEST 2007
Res wrote:
> The fact remains you accept these risks if you run a public mail
> server, just like greylisting
Yes, I know. And the fact remains that greylisting and SAV are two
entirely different moral questions because of who is initiating the
behavior against whom. The fact also remains that the "you accept these
risks" attitude is the same attitude the spammers use to justify their
crap, and the "it's only a few bytes" argument has no bearing on whether
or not it's *right* to do it. I'll live with it, but it's rude
behavior. And if a technological method were to offer itself that would
allow me to block SAV checks without hindering the use of the server for
its purpose, I'd do so, just like I do for spam.
I'd prefer to see sender verification as a part of the SMTP protocol.
If it were, most MTAs would log it in such a way that it was easier to
filter when going through logs. Some would probably allow a log level
at which SV was not logged. It would also possibly help with the spam
problem in a couple of ways not currently possible with just the
milter. This is really only a moral question for me. If sender
verification was a normal part of SMTP, and it could be turned on or
off, I'd leave it on to help others verify their incoming mail. Since
it is not, and since I can *not* easily stop people from verifying
against me, and since they're doing it anyway - it irritates me.
> I don't like it, I disagree with it, it causes more problems for me and
> my staff than what it's worth by others using it, however, I accept
> many do it, I'd rather the resources of my mail servers not be taken
> up with constant retries because of that crud, but it goes on, I live
> with it, you will have to live with it.
Okay, so we're in agreement. I guess the difference is that when I
don't like something and I disagree with it, I don't tell people "keep
using the filter."
>>
>> You have multi-gigabit bandwidth at home? Impressive, and... well,
>> I don't
>
> No, I look at it for my company's point of view, however, if a HOME
> USER wishes to have an exposed smtp server, then they must accept and
> expect the exact same risks as any national telco or corporation that
> does.
Agreed. The entire "home user" point I was trying to make was that
bandwidth has become ridiculously cheap for most people, in comparison
to what it cost just a decade ago. I have 10M at home, 10M at the
office (although it's split up a bit), and my complaints refer to the
mail server at the office. I don't run one at home anymore.
> p2p would be less than 40% [...]
> Mail servers about 15%
So, your mail consumes a slightly higher portion of your bandwidth than
does mine, but we're really not that far apart. I have the advantage of
not providing "public" internet access anymore. I provide access to a
couple of companies, and none of them would dream of slowing down their
business apps with filesharing. I do occasionally have to get on a
couple of specific users for streaming radio stations and YouTube videos,
though. They don't seem to want to believe that with a couple of apps
talking to each other constantly across VPNs, normal Internet usage
shared by about 35 people and the desire of typical users today to send
multi-megabyte files back and forth in their email, that a few users
streaming audio and video can actually have a negative impact. But, as
they say, "I can do it at home with just my one little old computer, so
with all of these big servers, why can't I do it here?"
>> Case one: You initiate the behavior, I respond by consuming your
>> resources.
>
> That's ok, I think I can afford the couple hundred BYTES of conversation
> packets :) and if you run a 10mb link I doubt you'd even know it was
> happening if you never looked in your logs.
Right. And morally, it doesn't bother me when someone makes me jump
through hoops to send them mail. I can choose to do so, or not. My
choice. I don't respond to TDMA messages, but I happily retry when I
hit a greylist. TDMA suffers from the same problem SAV does - it
normally affects third-parties, not those directly trying to communicate
with the user.
>>
>> Exactly what I said... It is of benefit to you, the user of SAV, not
>> to the
>
> That's correct, just like those who use greylisting, it's of benefit to
> them, not me
Just so I know which it is... Do you honestly not see the difference
between affecting a third party and affecting one who is directly
dealing with you, or do you simply not care? I know we don't agree, but
I'd kind of like to know whether it's because you're missing my point -
or you don't think the difference is relevant.
>> and due to the way it was implemented there is no way that you can
>> avoid its effects, or its drain on your time. You don't *want* to
>> do this thing. Even
>
> but it's no drain on time, your analogies are flawed, as it doesn't
> require anyone to sit in the server room and watch it happening, it's
> no worse than DNS lookups, greylisting, etc etc etc
No, my first analogy was based on my own experience. I *do* spend a
total of about an extra hour per month dealing with the results of all
of this extra crap in my mail logs. Discarding the analogies as flawed
(and then refusing to address them) strikes me as a cheap cop-out.
Please understand that I'm talking only about the moral choices
involved, which is why the second analogy was so exaggerated. If you
rely on the *amount* of impact on the complainant, you can argue that
spam itself was okay 'til it reached "x" level of messages per
day/month/whatever. Spam has never been okay, in any amount, and I was
one of the first people to implement a strict (rabid) anti-spam policy
for my customers, back when everyone was saying, "just hit delete."
DNS lookups are what the DNS server is for. SAV is *not* what my mail
server is for. Until it's part of the normal operation of a mailserver,
I don't want anyone using my resources just because a third party is
using theirs. Greylisting... covered above.
While I'm not sure that I've been clear enough for everyone to
understand the moral flaws I'm pointing out, I do think I've made them
as clear as I can without specific requests for further discussion.
Since I've contributed heavily to this thread being almost *entirely*
off-topic, and I don't see much more progress being made here, I invite
anyone interested in continuing to explore this line of thought to do so
off-list.
Rick