[52158] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: How do you stop outgoing spam?

daemon@ATHENA.MIT.EDU (Brad Knowles)
Tue Sep 17 14:37:40 2002

In-Reply-To: <20020917180713.GN72568@darkuncle.net>
Date: Tue, 17 Sep 2002 20:35:03 +0200
To: Scott Francis <darkuncle@darkuncle.net>
From: Brad Knowles <brad.knowles@skynet.be>
Cc: Brad Knowles <brad.knowles@skynet.be>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


At 11:07 AM -0700 2002/09/17, Scott Francis wrote:

>  Much more complex to implement and manage; doesn't scale well. The fewer
>  decisions the anti-spam system has to make, the better it will work. If it
>  only has to decide whether or not a specific IP/port combination has exceeded
>  a certain threshold, it will run much more smoothly than if it's examining
>  the contents of each packet.

	Indeed, that will be a lot more scalable.  But if you still have 
to look into each packet to see which ones are link encrypted (and 
therefore should be left alone) and which ones aren't (and therefore 
should be transparent proxied and/or traffic-shaped), that is quite a 
bit more work.

	The question is how much abuse is too much?  Is it okay to allow 
all open port 25 connections (traffic-shaped to low average 
bit-rates), or is any abuse too much?

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

home help back first fref pref prev next nref lref last post