From: Lou Katz
Sent: Wednesday, May 26, 2004 8:48 PM
On Wed, May 26, 2004 at 05:23:46PM -0500, Seth Goodman wrote:
From: Mark
Sent: Wednesday, May 26, 2004 4:33 PM
Seth Goodman wrote:
I am arguing that it is a useless
DDoS mechanism because it is trivial to terminate by refusing any
MAIL FROM:<> connection request.
As trivial as turning off mail altogether; but hardly a realistic
solution.
Not accepting null envelope senders will get you listed in
RFC-ignorant.
If you refused CBV's as a matter of policy, or because of an uncooperative
philosophy, you deserve to be listed there. If you were to refuse CBV's
temporarily due to being DDoS'd through that mechanism, I'm sure you would
be delisted promptly, if you were listed at all. I don't think the people
who run RFC-Ignorant would insist that you keep a service running that was
the subject of a DDoS attack while the attack was in progress. Last time I
looked, they wore white hats :)
So, as I understand it, you are guilty of refusing to honor CBV until you
expend extra effort to get yourself delisted because someone else has
to be convinced that your reasons are OK with them?
Feh.
Indeed. As I said, this is hypothetical. If some brainless idiot DDoS'd
you with CBV's and you temporarily stopped accepting MAIL FROM:<>, I doubt
anyone would even notice. Similarly, if someone mailbombed your
postmaster(_at_)domain address and you temporarily shut down that account, that
is _technically_ an RFC violation, but what are you supposed to do? It's
_possible_ that you could be listed, but I wouldn't lose any sleep over it.
--
Seth Goodman