On December 13, 2012 at 09:21 mike(_at_)mtcc(_dot_)com (Michael Thomas) wrote:
On 12/13/2012 09:16 AM, Barry Shein wrote:
There's also Jef Poskanzer's greymilter which basically requires one
re-send from each never before seen mail server not in a white list.
And sendmail (and others') HELO delay (delay sending HELO a short
period of time) and don't speak until you're spoken to whatever they
call it (I use it, the sender must wait for the SMTP responses, can't
just dump an SMTP conversation at you.)
They're basically isomorphic to hashcash type solutions, increase the
sender's cost, but very transparent and quite clever because of that.
Given botnets, anything that tries to shift burden back onto the
sender is not very likely to be effective in the long run. Yes, you
might get some short term relief, but the firehose is just a software
update away.
Has this been measured (reference)? Or is this just one of those
"truisms" that kick around here?
I'm thinking that a spammer has to put out on the order of a billion
messages (attempts) per day to be interesting.
If you slowed those down that would be a blow to them, a billion times
even a little is a lot.
Sure, we can postulate infinite botted systems I suppose.
But that's still just a wild guess.
I'm not arguing for hashcash per se, I think it has other problems,
but I also wonder if this counter-claim is really true.
Or, put better, can we quantify it?
--
-Barry Shein
The World | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg