SMTP rate-limits [Was: Re: ingress SMTP]
If the ISP blocks port 25, then the ISP is taking responsibility for delivering all email sent by a user, and they have to start applying rate
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Simon Waters <simonw@zynet.net> wrote: limits. Otherwise if they send all email from their users, all they've done is take the spam, and mix it in with the legitimate email, making spam filtering harder.
Okay, I can understand why an ISP might want to apply SMTP rate-limits, but to clarify, I'm assuming you meant that ISPs (if they do block tcp/25 outbound to anything other than their own MTAs) need to watch for excessive SMTP utilization, which might indicate a spammer-client (?). ...as opposed to arbitrary SMTP rate-limits. Yes? - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIwO90q1pz9mNUZTMRAneaAJwMgmIz99bPUYJ2HgUD6Zs1MOFXgQCgmsPY eUtV2bBKymWfxNwNOgWfp5w= =bdk+ -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -- Simon Waters <simonw@zynet.net> wrote:
If the ISP blocks port 25, then the ISP is taking responsibility for
delivering all email sent by a user, and they have to start applying rate limits. Otherwise if they send all email from their users, all they've done is take the spam, and mix it in with the legitimate email, making spam filtering harder.
Okay, I can understand why an ISP might want to apply SMTP rate-limits, but to clarify, I'm assuming you meant that ISPs (if they do block tcp/25 outbound to anything other than their own MTAs) need to watch for excessive SMTP utilization, which might indicate a spammer-client (?).
...as opposed to arbitrary SMTP rate-limits.
Yes?
I thought that these bot nets were so massive that it is pretty easy for them to fly under the radar for quotas, rate limiting, etc. Not that all bot nets are created equal, and there aren't local hot spots for whatever reason, but putting on the brakes in a way that users wouldn't feel pain is simply not going to make any appreciable difference in the overall mal-rate. No? Mike
On Fri, 5 Sep 2008, Michael Thomas wrote:
I thought that these bot nets were so massive that it is pretty easy for them to fly under the radar for quotas, rate limiting, etc. Not that all bot nets are created equal, and there aren't local hot spots for whatever reason, but putting on the brakes in a way that users wouldn't feel pain is simply not going to make any appreciable difference in the overall mal-rate.
Right. In practice the rate of delivery failures is a more useful indication of spam than the overall email rate. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ IRISH SEA: NORTHEASTERLY BACKING NORTHERLY 6 TO GALE 8, BUT CYCLONIC 5 IN SOUTH AT FIRST. MODERATE BECOMING ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
Can anyone comment authoritatively on the percentage of spam that's from a leaky faucet compared to fire hose? The stuff I see in my customer base are all fire hoses at the rate of 2.5, sometimes 5 message connection attempts per second. (I bet an academic could study the rate of spam emissions from a certain IP to identify their upstream bandwidth). Frank -----Original Message----- From: Michael Thomas [mailto:mike@mtcc.com] Sent: Friday, September 05, 2008 9:46 AM To: Paul Ferguson Cc: nanog@nanog.org Subject: Re: SMTP rate-limits [Was: Re: ingress SMTP] <snip> I thought that these bot nets were so massive that it is pretty easy for them to fly under the radar for quotas, rate limiting, etc. Not that all bot nets are created equal, and there aren't local hot spots for whatever reason, but putting on the brakes in a way that users wouldn't feel pain is simply not going to make any appreciable difference in the overall mal-rate. No? Mike
participants (4)
-
Frank Bulk -
Michael Thomas -
Paul Ferguson -
Tony Finch