Brandon Long
Fri Mar 7 22:19:15 UTC 2003

On 03/07/03 Vernon Schryver uttered the following other thing:
> The longer answer is that without some way to prevent someone from
> reporting a single message 17,000,000 times, there can be no difference
> between the various infinities.  I believe that one must design to
> fit reality instead of the way one wishes things were.  I think it is
> impossible to build a system that involves more than a very few dozen
> people without including some duds who will do things like reporting
> a CERT advisory 17,000,000 times.  That implies that you can only take
> (or make) "MANY" or "INFINITY" for what it is and no more.

There is a decided difference from the default code allowing -t many, or
-t for any number greater than 1 (I guess maybe there is a reason for
more than one, but it could be capped at 10 then).  One could even make
it the servers who only allow a single request from the client to count
the message once.

Yes, someone could modify the source, or someone could just call
dccproc multiple times... and that could have worse effects on the
server than allowing them to just specify "many"... but will that be the
common case?

With "many" today, what you get is pyzor by fiat instead of by design,
since if someone uses a former account as a spam trap to mark all
messages with -t many, and some friend of mine mails that account and
me, boom.  So, in effect, the count doesn't matter, it could instead
just be "seen already" and the limit case becomes "bulk is anything
greater than 1."

And yes, the answer to that is whitelists, but in reality DCC's
whitelist mechanism is extremely limited, and I don't want to have to
whitelist everyone I ever correspond or expect to correspond with.

That said, given that I understand this, I chose to use it anyways, but
I have to use procmail to actually whitelist things, and I have to
periodically check my spam boxes to see if there's anything new I have
to add to my whitelist.
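
A toy model of the point argued in the message above, added here as an example and not part of the original post or of DCC's code: it compares a counter that accepts whatever count a client supplies with one where each client contributes at most a capped amount per checksum. The class names, client names, checksum labels and the bulk threshold of 20 are assumptions made for the illustration.

```python
# Toy model of a checksum clearinghouse counter; NOT DCC's implementation.
MANY = float("inf")  # constructed stand-in for a "-t many" report


class ClientSuppliedCounter:
    """Adds whatever count the client sends, including MANY."""

    def __init__(self):
        self.totals = {}

    def report(self, client, checksum, count):
        self.totals[checksum] = self.totals.get(checksum, 0) + count

    def total(self, checksum):
        return self.totals.get(checksum, 0)


class PerClientCappedCounter:
    """Each client contributes at most `cap` per checksum, however often
    or however loudly it reports (hypothetical server-side policy)."""

    def __init__(self, cap=1):
        self.cap = cap
        self.seen = {}  # checksum -> {client: amount contributed so far}

    def report(self, client, checksum, count):
        per_client = self.seen.setdefault(checksum, {})
        per_client[client] = min(self.cap, per_client.get(client, 0) + count)

    def total(self, checksum):
        return sum(self.seen.get(checksum, {}).values())


def is_bulk(counter, checksum, threshold=20):
    return counter.total(checksum) >= threshold


def scenario(counter):
    # Constructed input: a friend mails a spam-trap address and "me".
    counter.report("trap", "msg-from-friend", MANY)
    counter.report("me", "msg-from-friend", 1)
    # Constructed input: one client over-reports a single advisory.
    counter.report("dud", "cert-advisory", 17_000_000)
    return counter


if __name__ == "__main__":
    for c in (ClientSuppliedCounter(), PerClientCappedCounter(cap=1)):
        scenario(c)
        print(type(c).__name__, is_bulk(c, "msg-from-friend"), is_bulk(c, "cert-advisory"))
```
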

