On Mar 8, 2004, at 6:19 PM, Jay Moore wrote:
On Mon, Mar 08, 2004 at 09:25:03AM -0600, the entity calling itself Christopher D. Lewis stated:
Following is an entry from pfTop a few minutes ago:
tcp In 206.33.230.44:4895 127.0.0.1:8025 ESTABLISHED:FIN_WAIT_2 46:38:32 00:00:44 335K 13M
Thanks for your encouragement. Maybe I'm reading the pfTop output incorrectly, but doesn't it say that _my_ resource cost on this transaction was 335K packets and 13 MBytes of bandwidth? If so, I wouldn't call this "no effect" on my resources.
I read it to mean that over the lifespan of the connection it had slowly transferred 13M while the spammer had to keep a socket open, re-establish connections, etc. Sure, the packets crossed your line, but unless you felt it impact your service, it was basically without incremental cost to you while to the spammer actions like yours, in the aggregate, drive up the cost of spamming by keeping emails in his send queue, wasting cycles re-establishing connections, etc. If more followed the example you follow, spamming would be a more expensive proposition, costing spammers and their clients more to pull it off.
The next question I suppose is ... since IM2000 appears dead (based on list traffic) is there any alternative to create a system by which senders could not send without ensuring that receivers knew the identity of the responsible server? This isn't pf, but a pointer to the "right list" would be appreciated :-)
Best regards,
Chris
