Re: How do you stop outgoing spam?

[Scott Francis <darkuncle () darkuncle net>]

On Mon, Sep 09, 2002 at 06:15:12PM -0700, lear () cisco com said:
> Rafi Sadowsky wrote:
> > Maybe I'm missing something obvious but do how you get rate-limiting per
> > TCP *flow* with Cisco IOS ?
>
> There is something called flow-based RED (FRED) but it consumes a whole 
> lot of memory because you have to keep track of lots more state.  I 
> don't know about that code.  At the least what you can do is use the 
> rate-limit command and rate limit *all* outbound TCP/80 traffic (or for 
> that matter all access-list captured traffic).  Now, doing so will make 
> any but the most trivial outbound TCP/80 absolutely painful, and will 
> cause tail drop.  See Cathy Wittbrodt's work in this space, which was 
> presented at NANOG some time ago.
>
> Note, I'm not saying you should *do* this.  It may be going a bit too 
> far for anti-spam.

Exactly. If operators as a group would just take the most elementary of steps
to decrease spam (along the lines Paul suggested), the effects would be so
significant that I think we wouldn't be worrying about HTTP spam traffic (at
least for the time being). The fraction of spam traffic that runs over HTTP
rather than SMTP is, I suspect, rather small.

If anybody has numbers on this, I'd be interested in hearing them one way or
the other.
-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui

Attachment: _bin
Description: