ietf-mxcomp

Re: Forging (was Re: Differences between CSV and Sender-ID )

2004-07-09 15:17:49


1. Your assertion was that the relationship between SMTP connections and DNS 
requests is not linear.  This is clearly false.  You can admit that was a 
mistake, and retract it, or you can explain why you said it.  Doing neither is 
called "spreading FUD".


> Such a change to the amount of UDP traffic will impact the amount of
> packet loss, as UDP does not have congestion avoidance.  I looked at a
> 5% packet loss to make a rough estimate of what this could mean with


2. You seem to be implying that UDP packets are more likely to be dropped than 
TCP packets.  This is clearly false.


3. Any hypothetical situation prefixed by "Assume 5% packet loss" is pretty 
worthless.  5% packet loss is something to yell at your ISP about, not 
something you just assume as part of normal operation.


> For Sender-ID, the number of DNS queries added if at the should
> not exceed limits, would be 2000 UDP queries.  The ratio of UDP queries
> to TCP packets, in this case, goes from 0.3 % to 666.0 % of TCP packets.


4. A statement like "666% UDP to TCP ratio" seems to imply that an average 
SMTP transaction requires 20 DNS UDP packets, but only 3 TCP packets.  Do you 
really believe it's possible to deliver a message with only 3 TCP packets?  My 
rough guess was at least 14 and usually 20.


> So for the TCP traffic of about 400
> kbytes, 900 kbytes is used for the DNS queries. This recommended limit
> changes the traffic ratio of UDP/TCP traffic from 0.007 % to 225.0 % at
> the 666.0 % UDP/TCP packet ratio.

5. You seem to be assuming that UDP packets have overhead and TCP packets do 
not.  Also you seem to be assuming that since 20 lookups is the limit, it 
will also be the average.


6. In practice, mail receivers already do plenty of DNS lookups, including the 
sender domain, the PTR of the IP, its corresponding A, the MX of the purported 
sender, one or more DNSBLs and/or RHSBLs.  You don't appear to be taking this 
into account.  It is unrealistic to expect an SMTP transaction to be accepted 
with "only one" DNS lookup.


I don't think it's productive for me to reply to you anymore on this thread. 
My feeling is that your "concern" is not consistent with the reality, and you 
have not produced any "real world" measurements enough to merit attention for 
any "concern".  I refuse to spend my time trying to disprove something that 
has not been supported at all (let alone proved) in the first place.  
Especially given that every time I reply to this thread I get back MORE FUD.

If you are really "concerned" your best bet is to try to explain the "concern" 
to someone else, offline, who can understand it, AND who can write about it 
clearly and concisely.  If you are not really concerned and are just spreading 
FUD because you don't like SenderID, well, have fun, but I am not going to 
play that game anymore and I expect others will get tired of it soon too.

--
Greg Connor
gconnor(_at_)nekodojo(_dot_)org

Everyone says that having power is a great responsibility.  This is a lot
of bunk.  Responsibility is when someone can blame you if something goes
wrong.  When you have power you are surrounded by people whose job it is
to take the blame for your mistakes.  If they're smart, that is. 
                -- Cerebus, "On Governing"
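The two posters above argue about the UDP (DNS) to TCP (SMTP) traffic ratio per message without stating their models. The following is an added example, written for this archive page and not code from the list, from either poster or from the Sender-ID draft: a small parameterised model in which every count (segments per SMTP session, lookups a receiver already does, average DNS and TCP packet sizes) is a labelled assumption rather than a measurement, so a reader can plug in their own figures and see how the ratio behaves when the existing lookups from point 6 are counted and when the 20-lookup limit is treated as an average instead of a ceiling.

```python
# Added example: a rough model of per-message DNS (UDP) versus SMTP (TCP)
# traffic. Not code from the thread or the Sender-ID draft; all constants
# below are assumptions chosen for illustration, not measured values.
from dataclasses import dataclass

MSS = 1460  # assumed TCP payload bytes per data segment (typical Ethernet MSS)

# Assumed minimal SMTP session, counting segments that carry data or set up /
# tear down the connection (pure ACKs ignored): SYN, SYN-ACK, ACK, banner,
# EHLO, 250, MAIL, 250, RCPT, 250, DATA, 354, final 250 after the body,
# QUIT, 221, FIN, FIN = 17, plus two ACKs that usually carry nothing = 19.
SESSION_SEGMENTS = 19

# DNS lookups a receiving MTA commonly performs anyway (assumed counts;
# these are the lookup kinds listed in point 6 of the post).
BASELINE_LOOKUPS = {
    "PTR of connecting IP": 1,
    "A of the PTR result": 1,
    "MX of purported sender domain": 1,
    "A of purported sender domain": 1,
    "DNSBL (IP-based)": 2,
    "RHSBL (domain-based)": 1,
}

# Assumed average on-the-wire sizes, including IP/UDP or IP/TCP headers.
DNS_QUERY_BYTES = 70
DNS_RESPONSE_BYTES = 220
TCP_HEADER_BYTES = 40        # IP + TCP header per segment, no options
SMTP_CONTROL_PAYLOAD = 60    # assumed average payload of a command/reply


@dataclass(frozen=True)
class Transaction:
    message_bytes: int
    extra_dns_queries: int = 0  # lookups an authentication check adds per message

    def data_segments(self) -> int:
        return -(-self.message_bytes // MSS)  # ceiling division

    def tcp_packets(self) -> int:
        return SESSION_SEGMENTS + self.data_segments()

    def tcp_bytes(self) -> int:
        control = SESSION_SEGMENTS * (TCP_HEADER_BYTES + SMTP_CONTROL_PAYLOAD)
        return control + self.data_segments() * TCP_HEADER_BYTES + self.message_bytes

    def dns_queries(self) -> int:
        return sum(BASELINE_LOOKUPS.values()) + self.extra_dns_queries

    def udp_packets(self) -> int:
        return 2 * self.dns_queries()  # one query plus one response each

    def udp_bytes(self) -> int:
        return self.dns_queries() * (DNS_QUERY_BYTES + DNS_RESPONSE_BYTES)

    def packet_ratio(self) -> float:
        return self.udp_packets() / self.tcp_packets()

    def byte_ratio(self) -> float:
        return self.udp_bytes() / self.tcp_bytes()


def compare(message_bytes: int, added_queries: int) -> dict:
    """UDP/TCP ratios for one message without and with `added_queries` lookups."""
    before = Transaction(message_bytes)
    after = Transaction(message_bytes, added_queries)
    return {
        "tcp_packets": before.tcp_packets(),
        "dns_queries_before": before.dns_queries(),
        "dns_queries_after": after.dns_queries(),
        "packet_ratio_before": round(before.packet_ratio(), 3),
        "packet_ratio_after": round(after.packet_ratio(), 3),
        "byte_ratio_before": round(before.byte_ratio(), 4),
        "byte_ratio_after": round(after.byte_ratio(), 4),
    }


if __name__ == "__main__":
    # 20 is the per-check lookup limit mentioned in the thread; using it as the
    # per-message average models the worst case, not the expected case.
    for size in (2_000, 20_000, 200_000):
        print(size, compare(size, 20))
```

The model makes the point of the argument explicit: the ratio depends on message size (a large body adds TCP segments and dilutes any DNS overhead), on how many lookups the receiver already does, and on whether the lookup limit is taken as a ceiling or an average. Anyone doing capacity planning for a resolver in front of an MTA should replace the assumed constants with figures measured on their own traffic.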

