Dave Crocker <[EMAIL PROTECTED]> wrote: > John Leslie wrote: > >> The "fix" Doug and I put into TBR is to extend the time to formal >> handoff, by any amount the receiving mail system may choose, which >> accomplishes much of what keeping the TCP connection open would -- at >> a far smaller cost (the queue of URIs could be written to disk, for >> one example). > > Although only a near-term, tactical benefit, greylisting directly > impacts mail from bad actors.
I wouldn't describe it as "only near-term". I don't notice folks abandoning graylisting in droves. When graylisting is used to buy time to gather enough reputation information, its long-term benefit can be substantial. > Its serious downside is that it also impacts first-time mail from good > actors. First-time email from originators who haven't yet developed a reputation, alas, _deserves_ to be delayed. > In contrast, your scheme will only be used for mail from good actors. That's not as certain as you think. Many spammers seem to choose their customers for stupidity, and such customers might well believe that the spammer has delivered on their promise merely by delivering the TBR. In any case, we cannot _assume_ only good actors will use TBR. > This is exactly the mail that does *not* need to be held up. The world is not merely stranger than you imagine: it is stranger than you _can_ imagine. The mail which "does not need to be held up" is mail from well-known and trusted senders. Anything else may well be abusive in someone's eyes. Hopefully, graylisting won't be applied to the first kind. > So the mechanism increases delay Measurably, probably; perceptibly, probably not. > and at least doubles the transaction load for mail from good actors, I continue to ask you for the basis of this calculation. I'm _not_ going to guess what you mean by this, Dave! > while having no impact on mail from bad actors. With the spam load generally acknowledged to be 90% or more, it would be a major victory to _have_ a mechanism used only by good actors. We could double our resources devoted to the 10%, and the overall cost would barely twitch. We don't _need_ any impact on mail from bad actors beyond setting our graylisting parameters to graylist harder when our network load is higher -- thus giving priority to what we classify as "good actors". > Where is the benefit, here? There isn't only one benefit. Greylisting without encouraging a doubling of SMTP traffic would be a benefit. Smoothing network load by scheduling TBR retrievals would be another. There's the benefit of having a mechanism available to those who must work from Cable Internet addresses which are increasingly blacklisted. And please don't forget the benefit of transferring an immutable message text. -- John Leslie <[EMAIL PROTECTED]>
