spf-discuss

Re: Border Appliances

2005-06-30 17:18:18

----- Original Message -----
From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, June 30, 2005 6:49 PM
Subject: Re: [spf-discuss] Border Appliances


On Thu, 30 Jun 2005, Hector Santos wrote:

reject_neutral = aol.com, yahoo.com, hotmail.com, arosii.com,
        oracle.com, msn.com, rr.com, egroups.com, gmail.com

Bet you can't guess which of the above domains has the most forged
spam sent to my system.

How much you got?  <g>

Hmmm, maybe this is a trick question.

Well, taking a SWAG based on our own stats, I can tell you of the domains I
know.  Not familiar with arosii.com....

You have a POST SMTP "CBV" like concept using DSN,  we use a pure CBV at the
SMTP level.

This means you have a much higher payload scalability issue.  For a large
system with a high spam ratio, that would be a tremendous amount of
overhead.

In other words, I bet you will get the same near result with a much greater
efficiency by doing a CBV at SMTP instead, rather than receive your payload
first.

Think about it.  Let's do some simple math:

Over 80% of all transactions are bad at the SMTP level.  This means if you
can reject most of these before the payload, you would achieve a tremendous
amount of lower bandwidth and overhead.

Let's use 10 messages, each with 10K.  That's 100,000 bytes.

8 of these are bad at SMTP  = 80,000 bytes

With 100% efficiency, your payload is only 20,000.
With 50% efficiency, your payload is only 60,000.
With 25% efficiency, your payload is only 80,000.

With a post smtp checker, your payload is always 100,000, so regardless of
how badly you do at SMTP, it will always be better.

Multiply this by 100,000 messages per day with an average of 2K payload
size, and you will see your system be less scaled.

Anyway, I haven't studied all the different domains lately, but from your
list we catch a lot at aol.com because of its SMTP level support for RCPT
validation.  Ever since Yahoo.com switched to RCPT TO validation, it has
worked great too.  Hotmail.Com, we catch a lot, even thru CEP support.  Don't
recall seeing any oracle.com domains coming in. We get tons of rr.com, a
few gmail.coms, and msn.com.

What you have to remember is that each node on the network has its own
"social network" of relationships, so what could be one domain for you, can
be some other domain for another.

So off the top of my head, for your social network, I would probably say
YAHOO.COM is the most

For my social network, I will say juno.com and hotmail.com.

Which is it? :-)

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





