On Nov 30, 6:05pm, Matthew Elvey wrote:
}
} On 11/30/2003 5:00 PM, Bart Schaefer sent forth electrons to convey:
}
} >In the victim V case, an innocent third party has been DDoS'd by the
} >servers in set W. That there currently exist other mechanisms by which
} >a similar DDoS could be caused is not justification for recommending
} >yet another one.
}
} Without WSCAP, wouldn't V likely receive tons of DSNs for email it never
} sent? Replacing those with WSCAP probes seems a net reduction in the
} impact of the DDoS to me.
DSNs are sent only when the spam's RCPT TO: is invalid -- and then only
when the border MX is not able to reject with a 5xx. Caller-ID probes
occur for _all_ mail, whether destined for a valid recipient or not,
because Hector's stated purpose is to test at MAIL FROM: and prevent the
spammer from getting as far as RCPT TO:.
Unless I've missed something, the volume of WSCAP probes is going to be
significantly greater than the volume of DSNs would ever be. And as I've
said already, the existence of another DDoS does not justify recommending
a new one.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg