
Re: namedroppers, continued

2002-12-08 17:18:22
From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu

...
Possibly what is needed is a hybrid approach:

1) If you're a "big" mail server, you can probably prevail on your DNS
admins to list you in whatever DNS-based verification system (in our entire
2 /16s of address space, there are less than 10 boxes that would have a major
resource issue, but would benefit from a DNS-based solution).

2) If you're not listed in the DNS, you have to do a compute-intensive proof.

What would people think of that idea?

Is the goal to block spam?  If so, what do you do about the third case of
senders that don't participate with either #1 or #2?  For the first
years, most of the 10,000,000s of legitimate SMTP clients (sending
mail servers) will do neither #1 nor #2, because their operators will
not have heard about it.  You will have to configure your receiving
mail servers to require #1 or #2 only in exceptional cases.  When the
operators of the other 10,000,000s of servers finally hear about the
new regime, they'll generally not get around to installing either
sort of proof of virtue, because their mail is working without it and
they have real problems to worry about, from installing the latest
security patches to thinking about considering IPv6.  Even people who
turn on requirements for #1 or #2 for incoming mail to reduce spam
will often delay supporting it on outgoing mail, because no one
competent likes to break things that are working.

In other words, such tactics might work for the exceptional cases of
the biggest, otherwise hopeless sources of (not really) forged spam such
as Hotmail as a sort of half-blacklisting, but I can't see it working
in general.


Moore's law causes a bunch of problems for the computing idea.  There
is at least a factor of 100 in CPU speeds of current hosts.  How
do you ensure that the fastest commodity CPU that a spammer might use
is forced to slow down more than the limit already imposed by network
bottlenecks without making old systems useless?


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
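
The scaling problem raised in the last paragraph of the message, worked through as an added example that is not part of the original post. It assumes a hashcash-style SHA-256 partial-preimage stamp as the compute-intensive proof, which the thread does not specify; the hash rates and the network-limited send rate are constructed values, and only the factor of 100 comes from the message.

```python
import hashlib
import math
from itertools import count

# Constructed sample values (assumptions, not measurements).
FAST_RATE = 5_000_000          # hashes/sec on the fastest commodity CPU
SLOW_RATE = FAST_RATE / 100    # the "factor of 100" slower legitimate host
NETWORK_MSGS_PER_SEC = 50      # send rate the fast host's link already allows


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(resource: str, bits: int) -> str:
    """Sender: search for a counter whose stamp hash has `bits` leading zeros."""
    for counter in count():
        stamp = f"{resource}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp


def verify(stamp: str, resource: str, bits: int) -> bool:
    """Receiver: one hash, plus a check that the stamp names this recipient."""
    if stamp.rpartition(":")[0] != resource:
        return False
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits


def expected_seconds(bits: int, hashes_per_sec: float) -> float:
    """Mean minting time: 2**bits trials are needed on average."""
    return (2 ** bits) / hashes_per_sec


def bits_to_throttle(fast_rate: float, network_msgs_per_sec: float) -> int:
    """Smallest difficulty at which CPU, not the network, limits the fast host."""
    # Requires 2**bits / fast_rate > 1 / network_msgs_per_sec.
    return math.floor(math.log2(fast_rate / network_msgs_per_sec)) + 1


if __name__ == "__main__":
    bits = bits_to_throttle(FAST_RATE, NETWORK_MSGS_PER_SEC)
    print("difficulty that starts to slow the fast host:", bits, "bits")
    print("fast host, seconds per message:", expected_seconds(bits, FAST_RATE))
    print("slow host, seconds per message:", expected_seconds(bits, SLOW_RATE))
    stamp = mint("bob@example.org", 12)   # small difficulty so the demo is quick
    print("stamp:", stamp, "valid:", verify(stamp, "bob@example.org", 12))
```

Whatever difficulty is chosen, the slow host pays the same factor of 100 more per message, so raising the cost enough to hurt the fast sender raises it proportionally for the old system.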


