RE: [Asrg] Several Observations and a solution that addresses them all

[Jason Hihn <jhihn@paytimepayroll.com>]

Addendum. See below.

> -----Original Message-----
> From: Jason Hihn [mailto:jhihn@paytimepayroll.com]
> Sent: Tuesday, March 11, 2003 4:24 PM
> To: Kee Hinckley
> Cc: ASRG
> Subject: RE: [Asrg] Several Observations and a solution that addresses
> them all
>
>
> > So then I suppose the ISPs block inbound connections to your
> > authentication port.  And then once that happens someone starts up a
> > server offshore selling authentication services for domains.  And
> > they keep moving the IP address around using different relays at
> > different offshore machines.
>
> By detecting a burst of auth requests for this user, we can make
> sure he gets limited to 50 or 100 messages - far less than the
> 1000s he could send before he can show up on any kind of spam
> list. This greatly effects his delivery rate and makes it hard
> for him to make any kind of money. (Assuming he gets paid by
> address, or if he buys by the address, it turns most of his list
> into junk.) It also makes it a lot more hassle to spam.

In the even that a spammer who does not own his domain abuses and account
(by tripping a validation/sec limit) we can pro-actively black list this
person. I don't think it will technically work due to timing, but it is
entirely possible that the server can get the user's address on the black
list and get it propagated out so that the server can save itself from the
stampede (and save users from receiving spam)


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg