On Sat, 26 Feb 2005, Brian W. Antoine wrote:
> If some virus or spammer begins forging a domain name I'm responsible for
> and another system begins loading down my server with rejected DSN's, and I
> start getting calls from my users asking what this message they got means,

The users won't get any messages if the DSNs are rejected.

> I'll be annoyed all right. I doubt how I'd solve that problem is what you're
> hoping happens and I suspect I'm not alone in that regard.

If they are not validating DSNs, my system will be at the bottom of the list
of offenders with the lowest volume. I don't think they'll even notice me.

> Your solution responds to one form of abuse with what I expect will be seen
> by a lot of people as another form of abuse.

I agree that actually sending a message is questionable, which is why
I'm running it by the group. However doing a messageless CBV when no
other method is provided is entirely reasonable.
I think the key is keeping the message volume very low. I'm logging all
DSN's sent so that I can make that list persistent across restarts of
the milter (and avoid resending to the same sender). I think I will
implement your idea of limiting actual messages per domain as well,
but I still need to do the messageless CBV in that case.
When I first tested it live last night, I was forcibly reminded
that when spammers get rejected, they keep trying lots of addresses -
with the result that the first DSNs got sent about 12 times to the
same purported sender before I killed it. :-( That's when I added the cache.
:-)
The victims were brent at fmrco dot com, ted at wellsfargo dot com,
and cheri dot browne79 at dz dash rs dot si.
Hey guys/gals, if you see this, sorry :-}
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
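
The persistent DSN log and per-domain limit discussed in the message above could look like the following sketch. It is an added example, not code from the post or from the milter; the `DsnLog` class, the log file format and the default cap of 3 are assumptions, and the addresses are constructed samples.

```python
import os
from collections import Counter

class DsnLog:
    """Persistent record of purported senders already sent a DSN (hypothetical helper)."""

    def __init__(self, path, per_domain_limit=3):
        self.path = path
        self.per_domain_limit = per_domain_limit  # assumed cap, not a value from the post
        self.seen = set()
        self.per_domain = Counter()
        if os.path.exists(path):                  # reload history after a restart
            with open(path, encoding="utf-8") as fh:
                for line in fh:
                    if line.strip():
                        self._remember(line.strip())

    @staticmethod
    def _normalize(sender):
        # Domains are case-insensitive; the local part is left untouched.
        local, _, domain = sender.strip().rpartition("@")
        return f"{local}@{domain.lower().rstrip('.')}"

    def _remember(self, sender):
        self.seen.add(sender)
        self.per_domain[sender.rpartition("@")[2]] += 1

    def decide(self, sender):
        """Return 'skip', 'cbv_only' or 'send_dsn' for a purported sender."""
        if not sender or "@" not in sender:
            return "skip"        # null sender <> or malformed: never bounce
        sender = self._normalize(sender)
        if sender in self.seen:
            return "skip"        # already notified, even before a restart
        if self.per_domain[sender.rpartition("@")[2]] >= self.per_domain_limit:
            return "cbv_only"    # domain cap reached: messageless check only
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write(sender + "\n")  # record before sending so a crash cannot cause a resend
        self._remember(sender)
        return "send_dsn"

if __name__ == "__main__":
    log = DsnLog("dsn-sent.log", per_domain_limit=2)
    # Constructed sample: one spam run cycling through forged senders.
    for s in ["alice@Example.COM", "alice@example.com", "bob@example.com", "carol@example.com"]:
        print(s, "->", log.decide(s))
```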