[69107] in North American Network Operators' Group
Re: Redirecting mail (Re: Throttling mail)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Mar 25 15:07:14 2004
To: Adi Linden <adil@adis.on.ca>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Thu, 25 Mar 2004 13:51:13 CST."
<Pine.LNX.4.44.0403251343360.27911-100000@adibox.knet.ca>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 25 Mar 2004 15:04:20 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1068879096P
Content-Type: text/plain; charset=us-ascii
On Thu, 25 Mar 2004 13:51:13 CST, you said:
> of abusive mail. After all, it does take time to read and act upon abuse
> reports. By forcing smtp through a specific server at least some proactive
> measures are possible such as throttling abusive behaviour.
Forcing it through a server doesn't automagically add the ability to throttle
abusive behavior. It's merely the obvious sledgehammer fix.
Now consider a router that's instrumented to collect flow data, feeding a
real-time system that throttles the port if something abusive happens. You get
the same benefits of not having to read and act on abuse reports, plus you
don't break non-abusive uses of the network.
(And yes, we consider that a primary tool - we got lots of "your user has Witty"
e-mails, and *every single one* we already knew about because we'd pulled the
flow data and done the obvious things....)
--==_Exmh_1068879096P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAYztEcC3lWbTT17ARAuNgAKC15S1+fYZaW3zBEkJEHHhVhrZHlACg/Vto
G+Kf1EwtZnAvxxyZ1cna5zU=
=BZmS
-----END PGP SIGNATURE-----
--==_Exmh_1068879096P--
