dccifd do not compute Body checksum when the message body is under 30 bytes

Vernon Schryver vjs@calcite.rhyolite.com
Mon Aug 22 16:56:33 UTC 2005


> From: =?ISO-8859-2?Q?Martin_P=E1la?= <Martin.Pala@oskar.cz>

> Dccifd received the mail, but has not computed the Body checksum
> - is it correct?

Yes, tiny messages are more or less empty.  They do not contain enough
text to distinguish them from other more or less empty messages.
Consider messages from free mail providers that have advertising added
by the free mail provider.

> I think it could be better when dccifd will report the Body checksum
> even in the case that the message has one byte. This way can dccifd
> defend the mailboxes against flood of short messages (i think it is
> no problem to write some spam under 30 bytes or just use it as mailbox
> DOS).

You might be surprised by the number of false positives that would
produce.  Many people send legitimate messages that are empty except
for their signatures.

On the other hand, it is difficult write effective advertising with
fewer than 30 characters.

When designing something, the most important questions you must
answer are what it will not do.  It is always possible to add
something to anything; the trick is saying "No."  The DCC is supposed
to detect substantially identical streams of bulk mail.  It is not
a defense against denial of service attacks except incidentally.
A router blackhole or other filter is better defense against a
denial of service attack.



] i found the place where it is caused (dcclib/ckbody.c):

I would rather not talk in public about the fuzzy checksum code.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.