Tue Aug 23 08:15:52 UTC 2005
OK, i see your point. I think that in some cases it could be useful to customize the size watermark for body checksum by some configuration option - this can allow both to increase or decrease the accounted body size: 1.) in the case that false positives count is still high, the user can set the size watermark higher 2.) in the case that the false positives is no issue, the user can decrease the size watermark (up to zero) to enable defense against distributed flood attack to mailboxes Just my 0.02$ ;) Thanks for explanation, Martin -----Original Message----- From: Vernon Schryver [mailto:firstname.lastname@example.org] Sent: Monday, August 22, 2005 6:57 PM To: email@example.com Subject: RE: dccifd do not compute Body checksum when the message body is under 30 bytes > From: =?ISO-8859-2?Q?Martin_P=E1la?= <Martin.Pala@oskar.cz> > Dccifd received the mail, but has not computed the Body checksum > - is it correct? Yes, tiny messages are more or less empty. They do not contain enough text to distinguish them from other more or less empty messages. Consider messages from free mail providers that have advertising added by the free mail provider. > I think it could be better when dccifd will report the Body checksum > even in the case that the message has one byte. This way can dccifd > defend the mailboxes against flood of short messages (i think it is > no problem to write some spam under 30 bytes or just use it as mailbox > DOS). You might be surprised by the number of false positives that would produce. Many people send legitimate messages that are empty except for their signatures. On the other hand, it is difficult write effective advertising with fewer than 30 characters. When designing something, the most important questions you must answer are what it will not do. It is always possible to add something to anything; the trick is saying "No." The DCC is supposed to detect substantially identical streams of bulk mail. It is not a defense against denial of service attacks except incidentally. A router blackhole or other filter is better defense against a denial of service attack.
More information about the DCC