Re: [Asrg] Spam Control Complexity -- scaling, adoption, diversit y a

Kee Hinckley wrote:

> At 9:49 AM +0200 4/23/03, Andrzej Filip wrote:
>
> > > Sigh.  Time to buy another disk I guess.
> > Tapes may be more suitable for the task.
> > How many messages from <> to non existing local users YOUR site 
> > bounces per day ?
> I don't know, my mail system only logs the RCPT address in the bounce 
> info.
> I'm currently averaging 30 bounces a minute, with a peak of 96 in the 
> last 24 hours.  I've seen as high as 700 per minute though.  That's on 
> a site with no more than a dozen or so real email addresses.
> http://www.somewhere.com/mrtg/smtp-reject.html
>
> Actual bounce-back used to be worse when we were a common forged 
> address.  I could get thousands a minute if AOL's servers were getting 
> hit.
You have provided a convincing proof that recording bounces sent to 
nonexisting addresses on your sytem does make a difference.
But anyway you talk about 1/2 messsage per second (on average), less 
than 2 messages per second in peak and 43000 messages per day.
I think (and hope) that your system situation is not typical.

> > Are you ready to tell in public that you do not give a dam about who 
> > fakes sender addresses in your email domain ?
> I used to.  I don't anymore.  It's kind of like littering.  I'd like 
> it to stop, but I'm not going to try and track every piece of litter 
> to the source--just the big abusers.  Keep in mind, I'm a special 
> case.  Millions of people forge somewhere.com.
It is sad that I can understand you :(

> Unfortunately the fact that I know who they are doesn't help me at 
> all.  Axis (internet-enabled video cameras).  Microsoft (FrontPage 
> templates).  They forged it.  I'm suffering the consequences.  Now what?
> If you want to look at legal requirements. Give me a way of going 
> after someone for forging my domain where I can claim more than just 
> lost time as my damages.  Then you won't need to require people to 
> store bounce-back--they'll have an incentive.
I hope that the legal system is capable to punish big systematic 
abusers, I know it will take "some" time.
There is a chance that spammers will prefer to forge addresses in 
domains without such records I suggested ;-)
--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg