At 09:50 PM 7/7/2003 -0400, Elric Pedder wrote:
> Howsabout when it's 200+ hijacked servers banging at you full-speed
> with the same spam? That's the reality.
Ideally the notification would be issued by the servers themselves
as a result of a 5xx response code during the SMTP transaction.
This may help the 200+ hijacked servers' administrators notice the
problem.
It may be a costly process, but you are only returning one
notification for each message.
If the policy were adaptive, then a SENDER who continues to ignore
rejections after some number of notices could be seen as abusive under that
policy and the rejection method could be escalated. Eventually you would
expect the system upon experiencing abuse (either by design or by error) to
refuse connections from the SENDER for a period of time... This might make
a good "safety valve".
In cases where policies are shared in a COT (Circle Of Trust), other
systems might adopt this policy and effectively disconnect misbehaving
systems until the abuse is ceased. A collaboration between systems with a
similar policy would allow for the "count of abuse" to be measured between
all systems in the COT such that any "attacker" would find the "noise
floor" in the detection system quite low... That is, they would not be able
to counter the disconnection mechanism by simply dispersing or pacing their
"attack" since multiple systems would be employed to measure the abuse.
A system like this would not be a direct element of a consent policy as it
is being defined here, but the specifications for a consent policy should
allow for mechanisms like this to become part of the decision model.
_M
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg