For Sender-ID, the number of DNS queries added if at the should
not exceed limits, would be 2000 UDP queries. The ratio of
UDP queries
to TCP packets, in this case, goes from 0.3 % to 666.0 % of
TCP packets.
4. A statement like "666% UDP to TCP ratio" seems to imply
that an average
SMTP transaction requires 20 DNS UDP packets, but only 3 TCP
packets. Do you
really believe it's possible to deliver a message with only 3
TCP packets? My
rough guess was at least 14 and usually 20.
Come on, in the real world we send powerpoint slides and word
documents arround. I send and receive emails in the 500Kb to
1Mb range on a daily basis.
If we assume that only 5% of the emails have attachments thats
2,700-5,000 packets right there.
Doug insists on assuming worst case, in practice Sender-ID is
going to be no more than 3 lookups in 95% of cases.
I really don't think that it is worth continuing this discussion.
If the attack is real expect to see complaints from the large
ISPs and the operators of outsourced spam filtering solutions,
companies like Postini, Frontbridge, Messagelabs and VeriSign.