[80334] in North American Network Operators' Group
Re: Internet email performance study
daemon@ATHENA.MIT.EDU (Crist Clark)
Thu Apr 28 18:58:13 2005
Date: Thu, 28 Apr 2005 15:53:27 -0700
From: Crist Clark <crist.clark@globalstar.com>
In-reply-to: <p0620071dbe97125ca72e@[10.0.1.2]>
To: Brad Knowles <brad@stop.mail-abuse.org>
Cc: aljuhani <info@riyadmail.com>, nanog@nanog.org
Reply-To: crist.clark@globalstar.com
Errors-To: owner-nanog@merit.edu
Brad Knowles wrote:
> At 3:05 PM -0700 2005-04-28, Crist Clark wrote:
>
>>> http://www.albury.net.au/netstatus/derouted.html
>>
>>
>> No, it doesn't. Please read their paper. In the paper and as he stated
>> again in the response above, their definition of a "loss" requires the
>> message to be delivered successfully in the first place. The anti-spam
>> measure described in the above URL causes the remote MTA to not accept
>> mail at all from the blocked source. This would not be counted as a loss
>> in their methodology, but possibly as an "error."
>
>
> Yeah, but there are plenty of other places that will otherwise do
> the same sort of thing, but instead of de-routing the address, they will
> silently discard all messages from that IP address.
>
> AOL is one known big offender in that area, because I helped set up
> the bounce processing system at AOL that did exactly that.
>
>
> So, while albury.net themselves would not cause the kinds of results
> that are being seen, they do have an otherwise good explanation for the
> kinds of things that many sites tend to do when faced with excessive
> probes or other activity that they believe is likely to be an indication
> of spam or something that is spam-related.
It's possible. Those with very sensitive threasholds that would pick up one
email every fifteen minutes as a scan could produce drop rates between zero
and one. Assuming the threashold detection is a well defined algorithm,
however, one would expect the drops to be deterministic, e.g. after one
hour (four sets) of attempts, they fall into black hole, come out after one
hour, two hours, eight hours, or a day, and then the whole thing repeats.
The authors couldn't find patterns, but that does not mean that there are
not any patterns to find. I considered looking at their raw data myself
until I saw it was a 100+ MB gzipped tarball. Anyone can test these kinds
of theories if they are willing to download and slog through the data.
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
