--Gordon Fecyk <gordonf(_at_)pan-am(_dot_)ca> wrote:
The question of network overhead and impact came up early on. If the
cure to forgery is more network-expensive than the disease of forgery, no
one's going to implement it. Early numbers suggest a considerable
savings but bad design decisions now could reduce that savings or
eliminate it.
We need to measure the impact, but what to measure? I wanted to get the
question out early, especially as Meng, Harry and Jim draft a document to
combine their proposals. What can be measured? Where should it be
measured? And how do we measure it?
These things immediately came to mind:
A very good list.
Some other things sysadmins and managers might be interested in...
Measurements of MARID checking compared to other methods
- costs to filter questionable email, like spamassassin
- costs to keep spam quarantined but not deleted
- cost and success rate of checking RDNS, which some sites do
- cost of checking basic DNS (sender domain exists, MX not 127.0.0.1)
Differences between MARID at the edge versus at a second-stage filter
Anything that saves an additional TCP session from being opened (such as
forwarding the mail to the internal server) compared to the UDP DNS lookups
needed to avoid making the second TCP connection.
I'm thinking what you're probably thinking... that anti-forgery measures
will eventually result in a net gain, but it will be difficult to prove
empirically. I would suggest to focus on ratios more than raw numbers.
How much of mail is spam, and how much of that is forged? How much
different would the bandwidth be if the forged messages could be blocked
before the DATA command?
(Of course I have no answers, just more questions :)
gregc
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>