Re: [exim] Sender callout verification with warning only

Author: Marcin Krol
To: exim-users
Subject: Re: [exim] Sender callout verification with warning only
Phil (Medway Hosting) wrote:
>> I tend to consider them as a way of reducing spam, and everything that
>> does is for the Greater Good, IMO. Also, I'm quite happy to receive this
>> kind of requests at our server, so I'll happily use them myself -
>> according to some principle we read in some holy book or the other at
>> school...
>
> You obviously haven't received 100,000+ or more of them in one day because
> some spammer was forging the FROM from a domain that you host.

Let's see:

220 xxx.xxxxxx.xxx ESMTP Fri, 06 Jul 2007 13:35:38 +0200
ehlo spammer.somewhere
250-xxx.xxxxxx.xxx Hello localhost [127.0.0.1]
250-SIZE 20971520
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from: xxx@???
250 OK
rcpt to: xxxxx@???
250 Accepted
quit
221 xxx.xxxxxx.xxx closing connection


That's about 320 bytes both ways. Times 100,000 ~= 30 megabytes.

Woohoo. You will have to install a few terabit/s links to deal with that
I see.

> NO it is NOT for
> the greater good,


This I agree with: it is so our users don't leave us all for GoogleMail,
because they are too sick of the volume of spam plus spammers using
their domain name in vain. I need to primarily cater to them, not to
other operators, and as far as I can see they wouldn't think twice
before jumping into making this tradeoff: use callouts with very low
cost attached to them and have less spam, or not use callouts and suffer
more of that plague. Note: you ignore another cost of bandwidth: without
callouts, more spam is sent worldwide. That's a cost borne by someone as
well, and that someone may be you or your users.

> and would block only a tiny %age of spam.


This may be so, but I would like to see some realistic numbers and
experiments to show that. My own (admittedly, quick) estimates based on
my mail logs indicate that the volume of spam cut short by callouts is
approx. 5/6 of spam, while SpamAssassin has to deal with 1/6 remaining.

> Firewalling the
> entire world would also be good for blocking spam - doesn't mean it's a good
> idea. Try reading some of the articles on
> http://www.google.co.uk/search?hl=en&safe=off&q=callouts+abusive+behaviour+spam&meta= -
> especially the ones on NANAE
>
> Taking the attitude of "it doesn't hurt me and sod the rest of the world" is
> akin to "my machine has a virus but it still works fine - why should I
> worry".


Verifying someone's e-mail address in compliance with an internet-wide
standard (the SMTP RFC), on an MX he exposed for the purpose of e-mail
communication with him, is like infecting others with viruses? That's
kind of stretching the analogy.

--
Marcin Król
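The configuration the subject line of this thread asks about, a sender callout that warns instead of rejecting, as an added example that is not part of the thread and not taken from the Exim distribution. It is a fragment of an Exim configuration (main section plus the RCPT ACL); the header name `X-Sender-Verify`, the 30s timeout, and the placeholder `local_domains` / `relay_from_hosts` list contents are assumptions, and the `callout_*_expire` values shown are Exim's documented defaults, written out explicitly because the callout cache is what keeps one forged sender from costing one callout per message rather than one per cache period.

```exim
# Added example, not from the thread or from Exim's own configuration.
# Assumes: acl_smtp_rcpt = acl_check_rcpt, and that the two lists below are
# filled in for the real site (the values here are placeholders).
domainlist local_domains    = localhost : example.invalid
hostlist   relay_from_hosts = 127.0.0.1

# Callout cache lifetimes (main section). Shown at their defaults so the
# caching behaviour is visible: a negative result for an address is reused
# for 2h, a positive one for 24h, before the remote MX is contacted again.
callout_domain_negative_expire = 3h
callout_domain_positive_expire = 7d
callout_negative_expire        = 2h
callout_positive_expire        = 24h

begin acl

acl_check_rcpt:
  # Never call out on behalf of our own submitters: relay hosts and
  # authenticated clients are accepted before the verification runs.
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  # Warn only. The modifiers after the condition run only when the callout
  # fails, so a bad sender gets a header and a log line but is still
  # delivered. defer_ok treats a temporary failure on the remote MX
  # (timeout, greylisting, 4xx) as a pass instead of deferring our RCPT.
  warn    !verify       = sender/callout=30s,defer_ok
          add_header    = X-Sender-Verify: failed for $sender_address
          logwrite      = sender callout failed: $sender_address \
                          from $sender_host_address

  # Ordinary recipient handling follows; local domains accepted, else deny.
  accept  domains       = +local_domains
  deny    message       = relay not permitted
```

With this in place the exchange Exim performs against the sender's MX is the one shown in the message above, except that Exim's callout uses an empty envelope sender (MAIL FROM:<>) by default and issues RCPT TO for the address being verified, then QUITs without ever sending DATA. Because the result is cached per address and per domain, a spammer forging one address repeatedly costs a single callout per cache period, not one per message; the `X-Sender-Verify` header can then be fed to a later scoring stage (for example as a SpamAssassin rule) instead of being used to reject at SMTP time.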