ietf-asrg
[Top] [All Lists]

Re: [Asrg] New proposal for spam blocking: Greylisting

2003-06-20 11:02:32
From: Evan Harris <eharris(_at_)puremagic(_dot_)com>

...
That makes sense for a small site, but I wonder if AOL or Microsoft
would agree.

The fact that they have systems that can handle those volumes of mail means
that they also probably already have the needed infrastructure in the way of
distributed scalable database backends.

It's one thing to have machinery that can send a half a billion messages
per day with currently typical queue delays.  It like something quite
different to have machinery that could send 500M messages/day, many
retransmitted 1-3 times more than currently and spending 1000 times
longer in the queue.

If all of AOL's peers used your system, a lot of AOL's mail would
start spending 10s or 100s of minutes instead of seconds in AOLs queue.

The cost of a retransmission is about the same as the cost of sending
a message.  Given an average message size of ~5K bytes, most of the
round trips as well as all of the DNS and TCP SYN delays in an SMTP
transaction are burned by the end of the Rcpt_TO command.  Contrary
to common naive calculations, the 6 packets and 3 or 4 round trips of
the DATA command are often the tail of the dog.


In the overall picture of handling any individual mail, the checks for
greylisting is a tiny amount.  Multiply that by a million mails an hour, and
it's still the same small percent, which means it should be straightforward
to implement it in a manner that scales with whatever infrastructure is
already in place.

Places like AOL and yahoo already use databases to store their user
accounts, and all the contacts for those user accounts.  Reimplement it to
take advantage of those existing databases, and the impact becomes even
less.

I'm not talking about the costs for the recipients running your system
but for the senders.



My bet is the opposite and that the employers of legislators will
never let them outlaw "mainsleaze" even as they instruct them to outlaw
the current spammers.  To prove the point at an extreme, consider the
likelihood of congresscritters outlawing their own spam.

So let them be handled by blacklists.  In either case, the fact that they
are trying to be legit means they are easily blocked since the headers
should not be forged. ...

Blacklists do not work for "mainsleaze" because a significant part
and usually most of those spews is not spam because it is wanted by
its targets.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>