[Top] [All Lists]

Re: DoS attacks (was Re: SMTP Transferred-By-Reference)

2007-11-15 18:13:30

John C Klensin wrote to Glen:

This brings us back to the point I tried to make to Hector:
making these folks smarter may be unwise, especially when doing
so consumes more resources on our and and, with botnets, they
have essentially unlimited resources for which the costs to them
are trivial.

Ok, then you did mis-read me.

#1, I am against any I-D or IETF proposal for GL SMTP implementation. Maybe "against" the wrong word - rather waste of time, partially for the reasons you stated. Mostly because it is "fundamentally unnatural"
to reject an email on this basis. I am fundamentally oppose to the idea.

#2, Reality Check.  They exist in the market, so whether I, you and
the your IETF peers don't agree with it, it is a fact of life. GL and other challenge/response systems exist which are based on checking for a compliant SMTP retry system, and with a blind consideration for whether the anonymous sender is bad or good - they are treated all the same.

So we already have insights regarding the possibility of "sophisticated variable retry strategies," all I am suggesting is that it is modernized to highlight that there is a real reason today for this "sophistication" to exist with a recommended shorter 2nd attempt in order to improve outbound delivery operations or to minimize the impact of "living" in the real world.

If you believe that world is short live, which I don't 100% disagree (Medicine cures) then why even have the suggestion about the possibility for variable retry methods in the first place? :-)

I think it is solid engineering consideration that has nothing to do with introducing that evil term "anti-spam solution" into SMTP or specific to GL.


Hector Santos, CTO