----- Original Message -----
From: "Fred Viles" <fv+exim@???>
> On 4 Mar 2004 at 9:52, James P. Roberts wrote about
> "Re: [Exim] Re: Bagle, unqualified H":
>
> |...
> | Would it make sense to apply a 30 second-ish delay to every incoming
> | connection, simply to weed out the virii? Since any legit MTA should
accept
> | such a delay without incident, and most virii engines would give up.
>
> No, I think that would be very anti-social behavior. Imagine if
> everyone did it - what would happen to the Internet's email
> infrastructure?
>
> | After a little thinking, it occurs to me, this could work even for some
> | high-volume servers.
>
> You're only thinking about the effect on the recipient server. The
> problem is the effect on all the legitimate sending servers.
>
> IMO, artificial delays should be introduced into the SMTP session
> *only* if there is already good reason to suspect that the sender is
> not legitimate. Then the benefit outweighs the infrastructure cost
> (IMHO).
>
> Alan's approach is a good example.
>
> - Fred
>
No, I believe my original argument still holds, for both sending and receiving
servers.
The only "cost" is "temporary storage" of connection information. If you take
the total number of SMTP connections occurring throughout the entire web,
during any given 30 second period (a lot, yes), and multiply by the rather
small amount of memory resources consumed per connection, and then DIVIDE
again by the number of participating servers, I think the net cost to the
internet email system would be quite small (and distributed fairly,
proportional to volume of each server).
Now, subtract out the bandwidth and resource costs associated with not having
to actually transmit & process the total number of virii and other junk emails
out there, that would be stymied by this approach, and I think you would see a
substantial improvement in overall internet resource use.
Just my two cents worth.
Jim
