"Jon Kyme" <jrk(_at_)merseymail(_dot_)com> wrote:
I'm still surprised that you manage to conserve much in the way
of resources by accepting these connections and blackholing the
messages.
The number of TCP SYNs go down when there's no firewall whitelist,
but the total bandwidth used doesn't change by much.
Have I got this right? You don't save any bandwidth by accepting and
blackholing these messages?
What happens if the messages are rejected hard during the
transaction - are they still retried?
Yes.
For some reason, spammers don't appear to be following the SMTP
"best practices" documents.
I can't imagine what that reason is (apart from stupidity). Again, I'm
surprised - I guess that this isn't coming through open (but otherwise
normal) relays - It also seems rather costly for the spammer.
What do the figures look like? If you don't mind me asking.
Millions of TCP SYNs per day, with a firewall whitelist.
I might be wrong about this but I seem to remember that a TCP/IP packet
with no data is about 40 octets? So I can see that sending millions of RST
to millions of SYN might add up to about the same bandwidth as accepting
hundreds of thousands of spam.
When all connections are accepted & email to non-user accounts
silently discarded, 500K+ messages per day. When taken against
"real" email to me at the domain, the traffic is more than 99.9% spam.
I still can't see what the issue here is. Silently failing this spam
doesn't seem to save anything much.
And it's been going up by a factor of at least 2, every year, for
about as long as I've had the domain. This is the future of email for
everyone.
I don't see how that follows, but I can't prove that you're not right.
Thanks for bearing with me.
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg