ietf-mxcomp

RE: Measuring MARID

2004-05-25 05:19:54

 Well.... maybe I can shed some light using my own systems as an
example.

 Currently I process 2 million internet inbound emails a day.
 25% of those are dropped with bad RDNS lookups.
 65% of what is left are dropped due to bad TO: addresses.
 95% of what is left is dropped due to filtering processes.

 Almost 95% of what is left after the 25% dropped after RDNS are from
forged addresses.
 The filtering processes are THE #1 major load on my boxes.
 
 Not hard to do the math here. 

 Regards,
 Damon Sauer


 Please forgive the trailer.. I am not able to remove it.

-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Greg Connor
Sent: Tuesday, May 25, 2004 2:21 AM
To: Gordon Fecyk; IETF MXCOMP (E-mail)
Subject: Re: Measuring MARID



--Gordon Fecyk <gordonf(_at_)pan-am(_dot_)ca> wrote:


The question of network overhead and impact came up early on.  If the
cure to forgery is more network-expensive than the disease of forgery,
no one's going to implement it.  Early numbers suggest a considerable
savings but bad design decisions now could reduce that savings or
eliminate it.

We need to measure the impact, but what to measure?  I wanted to get
the question out early, especially as Meng, Harry and Jim draft a
document to combine their proposals.  What can be measured?  Where
should it be measured? And how do we measure it?

These things immediately came to mind:


A very good list.

Some other things sysadmins and managers might be interested in...

Measurements of MARID checking compared to other methods
 - costs to filter questionable email, like spamassassin
 - costs to keep spam quarantined but not deleted
 - cost and success rate of checking RDNS, which some sites do
 - cost of checking basic DNS (sender domain exists, MX not 127.0.0.1)

Differences between MARID at the edge versus at a second-stage filter

Anything that saves an additional TCP session from being opened (such as
forwarding the mail to the internal server) compared to the UDP DNS
lookups needed to avoid making the second TCP connection.


I'm thinking what you're probably thinking... that anti-forgery measures
will eventually result in a net gain, but it will be difficult to prove
empirically.  I would suggest to focus on ratios more than raw numbers.
How much of mail is spam, and how much of that is forged?  How much
different would the bandwidth be if the forged messages could be blocked
before the DATA command?

(Of course I have no answers, just more questions :)

gregc
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>


*****
The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential, proprietary, and/or privileged 
material.  Any review, retransmission, dissemination or other use of, or taking 
of any action in reliance upon, this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, 
please contact the sender and delete the material from all computers. 113


