BTW, the proxy scenario I gave above isn't intended to be a ready
solution, rather it's an argument to prop up my claim that handling
the invalid requests can be handled scalably.
All I get from it is that an in-memory hash or other fast lookup
algorithm, if it's not being used already, might speed up response
time assuming that your model improves on the resources which are
actually strapped.
That doesn't address scalability, it just shifts the knee of the curve
much like a faster CPU or more memory might.
How much scaleability do you NEED?
...Scalability has to address:
a) The critical resource(s)
Whatever it might be, it's CERTAINLY not the speed of searching for one of
(even) 50 million valid E-mail addresses in in-memory hash tables.
b) Permutational effects
I don't consider those to be issues either... or if you're convinced they are,
perhaps you might explain how and why.
Where (b) is often subtle and significant. For example, if you use N
servers you have to load balance between them. How does that
decision-making scale as N increases. It's often somewhere between
O(N^2) and O(N!).
It's easy (and VERY fast, a mere handful of machine instructions) to split such
a hash table... for example, you can do something as simple as index using the
first character of the E-mail address into an array to determine which of
(possibly) several hash table lookup machines that address would reside in.
Jeez, I can't believe we're even talking about ridiculous low-level, trivial
stuff like this here.
But the whole discussion is silly, since in fact the table would fit EASILY in
a
single machine, probably along with the mail server itself, and wherever the
throughput gauntlet is, it wouldn't be THERE.
At any rate, as fascinating as some might find it I sincerely don't
believe the problem with spam, even at the ingress, is going to be
solved or even ameliorated for very long by some improvement in
recipient validity processing.
Sure, at some hypothetical infinite level of spam ingress volume you end up
with
what looks for all the world like a DDOS attack... like trying to drink out of
a
firehose.
It's like someone breaking your windows unchallenged and someone says
I know, let's find cheaper ways to make window panes!
This is part of why I believe the better solution is to consider NOT ONLY JUST
things like sender authorization (which in fact does damned near NOTHING to
prevent infected machines from pouring garbage E-mails, and worms/viruses for
that matter, onto the net using the infected machine's authorizations) but
rather approaches which largely negate the ability to commandeer machines using
E-mail messages (and that means, for the most part, HTML and attachments). As
long as spammers and hackers can readily infect (in a matter of a few hours)
millions of computers belonging to clueless Lusers, there is NOTHING that will
prevent them from using those zombie armies to launch massive waves of spams,
viruses, or even (for that matter) just ordinary simple DDOS attacks.
Corporations, NO MATTER HOW WELL PROTECTED THEIR DATA CENTERS SUPPOSEDLY ARE,
can do **nothing** to prevent such DDOS attacks, since once the garbage gets to
their data center, the damage has pretty much already been done. So THEIR
enterprise-level interests HAVE TO INCLUDE making sure that INDIVIDUAL USERS
have reasonable protection against stuff like that, too.
That's why it's so crucial that the protections be built into the most widely
available packages such as Outlook, Outlook Express, Eudora, Pegasus, etc etc.
Current-level Microsoft stuff allows you to turn off attachments (say, or HTML)
for EVERYBODY, which is ridiculously impractical because nearly EVERYBODY needs
to receive attachments of SOME sort, or HTML, at least occasionally, from
SOMEONE. So the result is that that limitation is turned off, and finally
accomplishes nothing. It needs to be something finer-grained, and way more
selective, that's left at the "protected/armored" condition for the *great*
majority of incoming messages.
Until it's made harder to infect armies of individual clueless Luser-owned
machines, there's truly LITTLE point in debating ANY of these other approaches,
because they can simply be overwhelmed with DDOS attacks (or spam that
effectively becomes that, in volume).
And, happily, while we're at it and putting the hammer down on HTML and
untrusted attachments, we also simultaneously make content-based anti-spam
filters WAY more effective than they typically are today, AND take away (in one
fell swoop) most of the tricks that spammers use to deceive. We also make it
FAR harder for spammers to not just SEND stuff cheaply in large volumes, but
make the probability of it ever being delivered and read vanishingly small...
bringing us far closer to the day when spammers will simply move off to another
type of more profitable and easier [scam] business model.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections! http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg