"Jon Kyme" <jrk(_at_)merseymail(_dot_)com> wrote:
The number of TCP SYNs go down when there's no firewall whitelist,
but the total bandwidth used doesn't change by much.
Have I got this right? You don't save any bandwidth by accepting and
blackholing these messages?
That's not what I said.
Accepting the connection means 1/10 the TCP SYNs, which means
there's that much SMTP traffic which can occur, before the messages
start taking more bandwidth than the TCP SYNs.
How much data is in each spam message? 2k? 10K? For 100's of 1000's
of messages, as opposed to much smaller TCP SYN packets, for millions
of packets.
The total bandwidth is similar, to an order of magnitude or so.
There is no massive savings in spam, by either blocking, or accepting
messages.
For some reason, spammers don't appear to be following the SMTP
"best practices" documents.
I can't imagine what that reason is (apart from stupidity).
Stupidity, laziness, or malicousness, it's all the same in the end.
I might be wrong about this but I seem to remember that a TCP/IP packet
with no data is about 40 octets? So I can see that sending millions of RST
to millions of SYN might add up to about the same bandwidth as accepting
hundreds of thousands of spam.
Yup.
When all connections are accepted & email to non-user accounts
silently discarded, 500K+ messages per day. When taken against
"real" email to me at the domain, the traffic is more than 99.9% spam.
I still can't see what the issue here is. Silently failing this spam
doesn't seem to save anything much.
That was most of my point.
Spam is a permanent DDoS attack, and until it's fixed at the
source(s), there's little any one recipient can do to stop the flood.
And it's been going up by a factor of at least 2, every year, for
about as long as I've had the domain. This is the future of email for
everyone.
I don't see how that follows, but I can't prove that you're not right.
It follows because that's been my experience over the past number of
years. Everyone else's spam loads are going up significantly. The
only reason why they don't have my traffic yet is that they started
off lower in the spam load.
Since everyones spam loads are increasing, the peak loads today will
be the average loads in a few months to years. The ONLY way to make
that statement untrue is to prevent the spam loads from increasing.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg