Phil (Medway Hosting) wrote: > ----- Original Message ----- > From: "Toralf Lund" <[EMAIL PROTECTED]> > To: "Exim Mailing List" <[email protected]> > Sent: Friday, July 06, 2007 10:59 AM > Subject: Re: [exim] Sender callout verification with warning only > > > >>> Do you realise that callouts are considered abusive in anti-spam circles >>> > and > >>> are often used in certain forms of ddos attacks ? Some major mail >>> > servers > >>> even BLOCK based on the number of callouts they receive from a given IP. >>> Something like 80% of emails are spam, so 80% of your callouts are being >>> directed at totally innocent machines. Challenge response methods should >>> > be > >>> considered in the same way. >>> >>> >> I tend to consider them as a way of reducing spam, and everything that >> does is for the Greater Good, IMO. Also, I'm quite happy to receive this >> kind of requests at our server, so I'll happily use them myself - >> according to some principle we read in some holy book or the other at >> school... >> > > You obviously haven't received 100,000+ or more of them in one day because > some spammer was forging the FROM from a domain that host. NO it is NOT for > the greater good, The point would be that spam-reducing measures may discourage the abusers in the long run, so it may still be for the greater good despite the nasty side-effects you are referring to. Even an "attack" of 100000 sender verifications today is for the greater good it can stop one spammer from sending 200000 spam messages next week. (Or maybe I should make that 50000 or even 10000, since one spam message is a lot worse than one callout connection.) And also that if even a small percentage of the callouts can stop a message at the RCPT stage, bandwidth and CPU time is saved (since the message does not have to be transferred.) No, it may unfortunately not be your bandwidth or CPU time, but I was talking about the greater good... (What's in it for you, is that some attempts to steal your identity are actually stopped, which should mean *something*.) > and would block only a tiny %age of spam. Yeah, "tiny" as in up to 50%... > Firewalling the > entire world would also be good for blocking spam - doesn't mean its a good > idea. Try reading some of the articles on > http://www.google.co.uk/search?hl=en&safe=off&q=callouts+abusive+behaviour+spam&meta= > - > especially the ones on NANAE > > Taking the attitude of "it doesn't hurt me and sod the rest of the world" is > akin to "my machine has a virus but it still works fine - why should I > worry". > That was not the attitude I was expressing, though. What I was saying was by your analogy more like "I want to be infected by viruses, therefore I infect others." Which I think no sane person would say, but that's because the analogy doesn't make sense. > All the best > > Phil > > > _____________________________________________ > > Website Hosting from only £5.00 per month. > www.medwayhosting.com - +44 (0)1634 856965 > _____________________________________________ > > Digital & Traditional Printing, and much more > www.medwayprint.com - +44 (0)1634 281199 > _____________________________________________ > >
-- Toralf Lund <[EMAIL PROTECTED]> +47 66 85 51 22 ProCaptura AS +47 66 85 51 00 (switchboard) http://www.procaptura.com/~toralf +47 66 85 51 01 (fax) -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
