On Tue, 17 Oct 2006, Andrew - Supernews wrote:

| >>>>> "Marc" == Marc Perkel <[EMAIL PROTECTED]> writes:
|
|  Marc> Ok - I'm changing the subject line here to fork this topic. The
|  Marc> issue is sender verification during a dictionary attack. If
|  Marc> someone was faking a lot of different addresses at domain.com
|  Marc> trying to send spam then my server would do callouts trying to
|  Marc> verify email addresses and could cause a lot of collateral
|  Marc> traffic.
|
| Rate limiting does very little to help here. Suppose a spammer sends
| out (to other people) 100 million spams all of which have different,
| random, sender addresses at your domain. You're going to see three
| types of traffic in response to the spam run: attempts to do callout,
| attempts to do C/R, and attempts to send bounces. All of these will
| likely look pretty much the same to you, unless you actually have a
| catchall for the targeted domain.

True, but I'm not sure this is the same point Marc P is making. AIUI Marc suggests if the "other people" were limiting the number of sender callouts they attempt on any individual domain, then "your domain" should indeed be hit with fewer callout attempts, which is good.

However, my point was this rate limiting presumably only helps where the spammer sends the 100 million from one domain. In the more general case of spam faking loads of different domains, the benefit of such rate limiting is very much reduced.

Cheers

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
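
The trade-off discussed in this thread, as an added example that is not part of the original messages and not Exim's own code: a small simulation of one receiving server applying a per-domain cap on sender callouts to a forged spam run, first with every sender at one domain and then spread over many. The cap of 10 callouts per hour, the `.example` domains, the message counts and all function names are assumptions made for illustration.

```python
from collections import Counter


class PerDomainCalloutLimiter:
    """Fixed-window cap on sender callouts per sender domain (hypothetical helper)."""

    def __init__(self, max_callouts, window_seconds):
        self.max_callouts = max_callouts
        self.window_seconds = window_seconds
        self._used = Counter()  # (domain, window index) -> callouts already made

    def allow(self, domain, now):
        key = (domain.lower(), int(now // self.window_seconds))
        if self._used[key] >= self.max_callouts:
            return False  # over the cap: skip the callout for this message
        self._used[key] += 1
        return True


def callouts_made(senders, limiter, seconds_between=0.1):
    """Count the callouts a receiving server makes, per forged sender domain.

    Every address in `senders` is distinct, so a callout result cache
    would never hit and is left out of the model.
    """
    made = Counter()
    for i, sender in enumerate(senders):
        domain = sender.rpartition("@")[2].lower()
        if limiter is None or limiter.allow(domain, i * seconds_between):
            made[domain] += 1
    return made


def forged_run(total, domains):
    """Constructed spam run: unique senders spread round-robin over `domains`."""
    return [f"u{i}@{domains[i % len(domains)]}" for i in range(total)]


def compare(total, domains, max_callouts=10, window_seconds=3600):
    """Return (callouts without cap, callouts with cap, worst per-domain load with cap)."""
    senders = forged_run(total, domains)
    unlimited = callouts_made(senders, None)
    limiter = PerDomainCalloutLimiter(max_callouts, window_seconds)
    limited = callouts_made(senders, limiter)
    return sum(unlimited.values()), sum(limited.values()), max(limited.values())


if __name__ == "__main__":
    one = compare(10_000, ["victim.example"])
    many = compare(10_000, [f"d{n}.example" for n in range(2_000)])
    print("one forged domain   (no cap, cap, worst domain):", one)
    print("2000 forged domains (no cap, cap, worst domain):", many)
```

With one forged domain the cap cuts the callouts from 10,000 to 10; with the same run spread over 2,000 domains no domain reaches the cap, so the receiving server still makes all 10,000 callouts.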
