Re: [exim] Rate limiting on Sender Verify

Author: Chris Edwards
Date:  
To: exim-users
Subject: Re: [exim] Rate limiting on Sender Verify
On Tue, 17 Oct 2006, Andrew - Supernews wrote:

| >>>>> "Marc" == Marc Perkel <marc@???> writes:
|
| Marc> Ok - I'm changing the subject line here to fork this topic. The
| Marc> issue is sender verification during a dictionary attack. If
| Marc> someone was faking a lot of different addresses at domain.com
| Marc> trying to send spam, then my server would do callouts trying to
| Marc> verify email addresses and could cause a lot of collateral
| Marc> traffic.
|
| Rate limiting does very little to help here. Suppose a spammer sends
| out (to other people) 100 million spams all of which have different,
| random, sender addresses at your domain. You're going to see three
| types of traffic in response to the spam run: attempts to do callout,
| attempts to do C/R, and attempts to send bounces. All of these will
| likely look pretty much the same to you, unless you actually have a
| catchall for the targeted domain.


True, but I'm not sure this is the same point Marc P is making. AIUI Marc
suggests if the "other people" were limiting the number of sender callouts
they attempt on any individual domain, then "your domain" should indeed be
hit with fewer callout attempts, which is good.

However, my point was this rate limiting presumably only helps where the
spammer sends the 100 million from one domain. In the more general case
of spam faking loads of different domains, the benefit of such rate
limiting is very much reduced.

Cheers
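
For readers who want to see what the per-domain limit discussed above looks like in practice, here is an added example (not code from the thread or from the Exim project) of an Exim 4.6x RCPT ACL fragment that caps sender-verify callouts per sender domain using the ratelimit condition. The threshold of 20 per hour, the 10 second callout timeout and the use of acl_m0 as a flag are assumptions; adjust them to taste. As the message above points out, keying the limit on $sender_address_domain only helps when the forged senders share a domain.

```exim
# Added example, not from the original thread: limit sender callouts per
# sender domain in the RCPT ACL (Exim 4.6x syntax). Assumed values:
# 20 callouts/hour, 10s callout timeout, acl_m0 used as a flag.
acl_check_rcpt:

  # Count messages per claimed sender domain. While under the limit every
  # such message causes one callout below, so this approximates the callout
  # rate we impose on that domain. 'leaky' (the default) stops counting
  # once the limit is exceeded, so the rate decays and callouts resume
  # later; 'per_mail' counts once per message, matching Exim's per-message
  # caching of sender verification results.
  warn    ratelimit    = 20 / 1h / per_mail / leaky / $sender_address_domain
          set acl_m0   = limited
          log_message  = sender callout limit reached for $sender_address_domain

  # Over the limit: verify the sender by syntax and routing only, no SMTP
  # callout, so the remote domain sees no extra traffic from us.
  deny    message      = Sender verification failed
          condition    = ${if eq{$acl_m0}{limited}}
          !verify      = sender

  # Under the limit: do the full callout. defer_ok means a temporary
  # failure at the remote MX does not make us defer this recipient.
  deny    message      = Sender verification failed
          !condition   = ${if eq{$acl_m0}{limited}}
          !verify      = sender/callout=10s,defer_ok

  # ... remaining recipient checks continue here as in your existing ACL.
```

Note that the ratelimit condition updates its counter every time the warn statement is evaluated, so place it only on the path where a callout would otherwise happen (for example after any early accepts for authenticated or relay_from_hosts clients), otherwise local traffic inflates the count for its own domain.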