dccifd do not compute Body checksum when the message body is under 30 bytes

Martin Pála Martin.Pala@oskar.cz
Tue Aug 23 08:15:52 UTC 2005


OK, I see your point.

I think that in some cases it could be useful to make the size watermark for the body checksum customizable by some configuration option - this would allow both increasing and decreasing the accounted body size:

1.) in the case that the false positive count is still high, the user can set the size watermark higher
2.) in the case that false positives are no issue, the user can decrease the size watermark (down to zero) to enable defense against a distributed flood attack on mailboxes

Just my 0.02$ ;)


Thanks for the explanation,

Martin



-----Original Message-----
From: Vernon Schryver [mailto:vjs@calcite.rhyolite.com]
Sent: Monday, August 22, 2005 6:57 PM
To: dcc@rhyolite.com
Subject: RE: dccifd do not compute Body checksum when the message body
is under 30 bytes


> From: Martin Pála <Martin.Pala@oskar.cz>

> Dccifd received the mail, but has not computed the Body checksum
> - is it correct?

Yes, tiny messages are more or less empty.  They do not contain enough
text to distinguish them from other more or less empty messages.
Consider messages from free mail providers that have advertising added
by the free mail provider.

> I think it could be better if dccifd reported the Body checksum
> even in the case that the message has one byte. This way dccifd can
> defend the mailboxes against a flood of short messages (I think it is
> no problem to write some spam under 30 bytes or just use it as a mailbox
> DOS).

You might be surprised by the number of false positives that would
produce.  Many people send legitimate messages that are empty except
for their signatures.

On the other hand, it is difficult to write effective advertising with
fewer than 30 characters.

When designing something, the most important questions you must
answer are what it will not do.  It is always possible to add
something to anything; the trick is saying "No."  The DCC is supposed
to detect substantially identical streams of bulk mail.  It is not
a defense against denial of service attacks except incidentally.
A router blackhole or other filter is a better defense against a
denial of service attack.





