One other question

Vernon Schryver vjs@calcite.rhyolite.com
Fri Nov 29 21:52:36 UTC 2002


> From: "John R Levine" <johnl@iecc.com>

> > I don't understand that.  Do you have measurements?
> > DNSBLs require as much or more network traffic than the DCC does.
>
> I use DNSBLs at SMTP time so the mail traffic isn't even received.

I thought you were talking about network traffic used by DNSBLs and the DCC.

Even so, the network bandwidth, disk space, and CPU cycles to receive
a single mail message are close to zero today.  I doubt there is a
significant difference in CPU cycles between receiving the typical
spam and looking up an SMTP client's IP address in a DNS blacklist
and then terminating the session after the HELO or Mail_From commands.
If there is a difference, I wouldn't be surprised if it is in favor
of receiving the message.  Plodding through the resolver library
code in the MTA and then hitting a nearby BIND cache could easily
cost more than looking for "\r\n.\r\n" to receive the message.

If you count bits on the wire, you spend more network bytes talking
to the root, a gTLD server, and ultimately the DNSBL server to get a
DNSBL answer than receiving the rest of a message.

The way I think the DCC should be run has spam being rejected during
the SMTP transaction.  The vast majority of the perhaps 10,000,000
mail messages checked daily  with the DCC are handled this way, although
most installations of the DCC involve post-delivery mechanisms with
SpamAsassin, procmail, or other tools.  Most people who care enough
about spam to take matters into their own hands are running very small
servers or no servers.

(That 10M/day number is a wild guess.  From the graphs it's easy to justify
5M/day, but the graphs reflect only some DCC servers in the network.)


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.