"Chris Lewis" <clewis(_at_)nortelnetworks(_dot_)com> wrote:
Brad Templeton wrote:
However, the key test is this -- what's the volume compared to that
of normal mail. If, for example, it's 1% of normal mail, there
really isn't a server load question of significance. If currently
spam is 80% of all mail, a factor of 1000 would make it .4% of all
mail. Is spam now over 80% of all mail?
In some cases yes. Ours is getting close to 80%.
I know of at least one site which would *love* to get only 80%
spam. It's currently sitting at 99.99%, the last time I heard from
them.
That statistic alone drives most of my opinions about spam. Nearly
all of the "solutions" or "descriptions" I've heard won't work with
that low a signal to noise ratio.
Spam has become a permanent DDoS attack. No other description of
the problem is accurate.
I'm not sure that any other protocol allows anonymous IP's to send
reams of unrequested traffic to a server. Pretty much every other
protocol either has a client requesting data from a server, or the
client-server conversation is authenticated (signed, or administrator
configured.)
That says SMTP is different. It should be treated differently from
any other protocol.
So I'm less interested in the definition of spam, or why it's being
sent. What I would like to know is: How can we fix SMTP to remove
it's designed-in DDoS capability?
It's the Slashdot effect in reverse. What do you do when 100,000
people suddenly decide that they all want to send you mail? The
answer usually is that you spend the next day fixing your systems
after they crashed...
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg