Elizabeth Zwicky writes:

> No, I mean to say that "never stopped" does not mean "never slowed
> down", it means "never stopped".

OK. I'll remember that. In any case, now I wonder what they're really trying to do. They can check for "p=reject" without sending *any* mail. (I know, you're not in a position to speculate publicly.)

> Your argument was that we should turn off blocking to see what
> would happen. That only makes sense if the attackers have actually
> fully gone away.

Getting to that conclusion requires a lot of assumptions, all implicit.

The way I see it, the attackers are doing this as a business. If they think they can make enough money in 1 minute (or however long it takes the defense to react, 2X DNS resource TTL I'd guess), they will come back in force, and soon.

On the other hand, suppose they do and you shut them down in one minute. How does that look to *their clients*? AOL's graph showed more than a week of the torrent. If you cut that off in 1 minute, the fraction that gets through is 1/(7x24x3600) = 0.00000165, and presumably their revenues will be reduced in that proportion. Heck, they might even consider getting a real job!

Is that argument a justification for Yahoo! experimenting? I doubt it, and of course you know a lot more than I do. But it's not the "beyond obvious" conclusion that your phrasing makes it appear.

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
