ietf-822

Re: Allowing MTAs to split messages to different recipients

2001-01-28 17:20:26
were mounting a distributed denial-of-service attack, using
propaganda and disinformation to entice gullible MTA administrators
into filtering using their criteria.

You certainly won't convince me by insulting me.

Then again, the fact that cs.utk.edu didn't manage to do *anything* about  
being a wide open relay for *months* is in itself an appalling display.

cs.utk.edu was, like most other machines that had been around awhile,
a wide-open relay for several years, dating back to the first cs.utk.edu
machine.

when it became apparent that open relays were being abused by spammers, 
we took steps to limit the ability of spammers to use cs.utk.edu in this
way.  in effect, we limited the number of non-local recipients to which
any one IP address could send in any 24 hour period.  we did this because
we had legitimate users who needed to send mail from random locations
in the Internet without having to reconfigure their user agents each time.

these measures were in fact effective - which is not to say that we
relayed no spam at all, but the number of messages relayed was limited
to a few in any one day...and yes, we monitored the number of messages
blocked to see that this was the case.   our goal was to make it easier 
to send the spam directly than through us, and we succeeded.

however, multiple blacklists insisted that we were running an open relay,
and a number of sites believed them and used those blacklists as an excuse
to block legitimate mail.  eventually we were directed by higher ups
(who had no appreciation of the technical issues) to close our relay
entirely, thus impairing our legitimate users.

this is why I term the blacklists as a distributed denial of service
attack based on disinformation - because it's exactly what they are.

But it is, of course, a long inhonourable tradition to shoot the  
messenger.

if the messenger is lying, perhaps he deserves to be shot...or at least
hung by his thumbs.

And the statistics certainly draw a pretty clear picture. The amount of  
spam I receive that gets filtered out via blacklists is incredibly huge.

how much lossage of other people's legitimate mail is an acceptable
amount for an attacker to cause?

  In this case the attackers were naive
about the likely good that it would do and about the harm that would
result.

Experience says they were naive only insofar as they underestimated the
good, and overestimated the bad effects.

My experience says exactly the opposite.    

Keith
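
The per-IP limit on non-local recipients described in the message above, sketched as an added example (not code from the original message or from the cs.utk.edu mail system). The limit of 3, the domain names and the addresses are constructed assumptions; the message gives no figures.

```python
from collections import defaultdict, deque

WINDOW = 24 * 60 * 60  # seconds; the 24-hour period from the message


class RelayLimiter:
    """Per-IP cap on non-local recipients over a sliding 24-hour window."""

    def __init__(self, local_domains, limit):
        self.local = {d.lower() for d in local_domains}
        self.limit = limit                  # assumed value; the message gives none
        self.sent = defaultdict(deque)      # ip -> timestamps of relayed recipients
        self.blocked = defaultdict(int)     # ip -> refused recipients, for monitoring

    def is_local(self, rcpt):
        return rcpt.rpartition("@")[2].lower() in self.local

    def check(self, ip, rcpt, now):
        """Decide one recipient at time `now` (epoch seconds); True means accept."""
        if self.is_local(rcpt):
            return True                     # mail for local users is never limited
        stamps = self.sent[ip]
        while stamps and stamps[0] <= now - WINDOW:
            stamps.popleft()                # expire entries older than 24 hours
        if len(stamps) >= self.limit:
            self.blocked[ip] += 1           # counted so the operator can watch it
            return False                    # refuse to relay this recipient
        stamps.append(now)
        return True


def demo():
    # Constructed sample: one roaming user, one bulk sender, documentation addresses.
    rl = RelayLimiter(local_domains=["cs.example.edu"], limit=3)
    t0 = 1_000_000
    roaming = [rl.check("192.0.2.10", f"friend{i}@example.org", t0 + i) for i in range(2)]
    bulk = [rl.check("198.51.100.7", f"rcpt{i}@example.net", t0 + i) for i in range(50)]
    inbound = rl.check("198.51.100.7", "staff@cs.example.edu", t0 + 60)
    later = rl.check("198.51.100.7", "rcpt99@example.net", t0 + WINDOW + 2)
    return roaming, sum(bulk), rl.blocked["198.51.100.7"], inbound, later


if __name__ == "__main__":
    print(demo())
```

The roaming user's two recipients pass untouched, while the bulk sender gets three relayed and the rest refused until the window rolls over.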