nanog mailing list archives

Re: a note to those who would automate their rejection notices

From: Doug Luce <doug () nanog con com>
Date: Sat, 27 Dec 2003 17:14:30 -0500 (EST)


This reminds me:

I'm scared to death of false positives.  So much so that every email that
triggers a positive from Spamassassin (i.e. several thousand spams a day)
gets a response.  It tries to be as polite as possible, both by being
good-natured in tone and by both a "Precedence: bulk" header and an
application-specific X-header to break loops.

It's worked well enough for me to plan an implementation for an email
system I run (servicing about 70k users).  There are no real anti-DDOS
provisions in it that would prevent someone from sending several million
messages with a forged SMTP envelope to flood someone's mailbox
quasi-anonymously.

I haven't ever heard of this sort of system being used.  Other than the
obvious problems (like above, and the fact that it generates a LOT of mail
that's going nowhere).  Does anyone know of a precedent?  Or wants to pick
apart the idea in terms of community effect?

Thanks,

Doug

Current thread:

a note to those who would automate their rejection notices Paul Vixie (Dec 27)
- Re: a note to those who would automate their rejection notices Richard A Steenbergen (Dec 27)
- Re: a note to those who would automate their rejection notices Doug Luce (Dec 27)
  - Re: a note to those who would automate their rejection notices Brian Bruns (Dec 27)
  - Re: a note to those who would automate their rejection notices Laurence F. Sheldon, Jr. (Dec 27)
    - Re: a note to those who would automate their rejection notices Jared Mauch (Dec 27)
- Re: a note to those who would automate their rejection notices jlewis (Dec 27)
- <Possible follow-ups>
- Re: a note to those who would automate their rejection notices Paul Vixie (Dec 27)
  - Re: a note to those who would automate their rejection notices Brian Bruns (Dec 27)