white lists

Vernon Schryver vjs@calcite.rhyolite.com
Sat Apr 20 01:09:33 UTC 2002


> From: "Earl Killian" <dcc@lists.killian.com>

> ...
> * Address rejected spam does not have its DCC counter incremented
>   (because we didn't allow the message body to be transferred, there's
>   nothing on which to compute fuzzy checksums).  (On the other hand,
>   if everyone used the same set of RBLs, this wouldn't really matter
>   because the spam would be rejected everyone.)
> ...

A nit: even if everyone used the same DNS real time blacklists, it would
still be worthwhile to increment DCC target counts.  Consider spam sent
first via an open relay listed by your favorite blacklist and then sent
again to some other addressee via an unlisted or not yet listed relay.
If you wire things to report very high bulkiness (e.g. "many") on
message bodies rejected by the blacklists, then substantially identical
later bodies can be rejected by the DCC.

More realistic than everyone using the same blacklists, consider some
people using blacklists with false positive rates too high for other
people, but reporting as bulk to the DCC whatver they reject.  If the
same mail is sent to the other people, then it would be bulk, and thanks
to the DCC reports of the first group, would be detected as such.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.