On Nov 12, 2008, at 12:09 PM, Chris Lewis wrote:
Remember that CBL's detection reliability is extremely good, and also
that the CBL only makes detection on an actual email attempt from the
listed IP. If telekom.gov.tr supported ARF, and the CBL instrumented
their detectors to generate ARF, that would be at least 440,000 unique
IP reports over whatever interval the CBL is reporting. Which seems
to
be about a week... What abuse desk could cope with that flow rate?
No-one.
I have customers handling 250,000 reports via email a day, and they're
not all as nicely automatable as ARF either, so it's not entirely out
of the
question. :)
ARF is not really intended for unsolicited reports, though, it's
intended
for solicited reports between consenting parties to be handled via
automated
processing, often with no eyeballs on the content at either end. If the
sender and the receiver consent to using ARF for high traffic reporting
it's not something that will affect anyone else much.
(That still doesn't make ARF necessarily the right format for that
sort of thing, though.)
Cheers,
Steve
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg