ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 0. General

2004-03-30 16:37:42
from [Brad Knowles] [Permanent Link] 
At 4:07 PM -0400 2003/10/22, David Maxwell wrote:


 So, connections from nameless IPs probably deserve to be weighted as
 'spam-likely' in your consent decision. Perhaps even 'spam, guaranteed'.


        That's fine, but keep in mind that this has collateral damage 
consequences.
Use DRIP (or DRIP-like techniques) as a whitelist, and that can be abused, too -- Plenty of spammers are perfectly happy to authenticate in whatever way you want, and will make sure that their reverse DNS fully matches, etc... just to get their mail through. Then there are the virus/spammers who use victim machines distributed around the world, most of whom probably are properly configured to use outbound mail relays that are likewise correctly configured. 


 That design decision was made before the current situation came into
 being. Now, my spamassassin installation spends far more time doing
 content inspection on spam messages than the 'too much time' it would
 take to validate the provided hostname.
Then your spamassassin configuration is not correctly configured. You shouldn't be using it that way unless you can make sure that you can conform to the same kinds of situations and response times as were anticipated when the RFC was written. 


 The network environment has changed, the assumptions about overhead need
 to be re-evaluated.
Re-writing the RFC is a different matter, something which I believe we are also participating in. However, until the RFC is re-written and gotten to at least the "Proposed Standard" stage, you should not be knowingly in violation of it. 

--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: FW: [Asrg] 0. General, Brad Knowles
Next by Date:  RE: [Asrg] Re: 6. Proposals - Pull System (revisited), Chris
Previous by Thread:  Re: [Asrg] 0. General, Brad Knowles
Next by Thread:  Re: [Asrg] 0. General, Brad Knowles
Indexes:  [Date] [Thread] [Top] [All Lists]