On 5-mei-04, at 21:55, Steve Gibbard wrote:
If a few of you can stop being so pedantic for a second, the definition looks pretty easy to me: traffic unlikely to be wanted by the recipient. Presumably, if it's being sent that means somebody wanted to send it, so the senders' desires are a pretty meaningless metric.
Exactly.
The harder pieces are going to be defining what traffic is unwanted in a way that scales to large-scale measurement.
I think if someone sends something back that isn't an error, then at some level the traffic is desired. However, this only works at one layer in the stack: DDoS packets aren't replied to, so they can be categorized as abusive at the IP level. However, even though spam emails aren't replied to (hopefully, and not counting bounces), the TCP port 25 packets flow in both directions, so at the IP level spam isn't abusive. (There are a few corner cases where legitimate traffic only flows in one direction but this is very unusual.)