[Mimedefang] Image blocking idea

John Rudd john at rudd.cc
Thu Apr 20 12:35:48 EDT 2006


On Apr 20, 2006, at 7:58 AM, David F. Skoll wrote:

> Kenneth Porter wrote:
>
>> I'm beginning to favor the idea of challenge/response systems, but only
>> for "rich" content (i.e. anything not pure text/plain).
>
> Intriguing... I normally hate C/R systems, but that might be a good idea.
> Anything to make it more of a hassle to send non-plain-text e-mail is
> a good idea, IMO.
>

The thought I was having earlier was that while greylisting seems to be 
losing its luster, and other mechanisms are having to keep fighting to 
keep up, the thing that has consistently worked well for me is: 
greet-pause (often filtering out 50% of my attempted spam connections 
per day, and I have had fewer than 5 false positives in the 2-3 years 
I've been using it).

The reason for that is exactly the opposite of your earlier assertion: 
spammers do _NOT_ have unlimited resources.  Greet-pause slows down 
their ability to submit spam to targets, and lowers their overall 
throughput, by making them waste resources they have in limited supply 
(time).  If time is money, then the greet-pause is a tax.  A tax they 
aren't willing to spend.

The downside: they only have to wait once per connection, not per 
message nor per recipient.

My thought: why not put something like an N second delay in 
filter_sender (maybe 4 or 5 seconds?) and 1 second delay in 
filter_recipient.  You could even make it conditional to only do these 
delays if the relay is outside of your domain.  The result will be that 
this "tax" gets paid when a sender wants to send multiple messages per 
connection and/or messages with many senders.  More messages, the 
longer the delay.  More recipients, the longer the delay.

I need to think more about it to know what the right delay values are, 
though.  It needs to be a value which stacks up if you're doing a lot 
of these, but that won't be too much of a problem for legitimate senders 
nor roaming users (so you probably also want to exempt those who have 
successfully AUTHed).  You also don't want to pick values that are 
likely to exceed things like sendmail default timeouts.
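
The per-sender and per-recipient delay described in this message, written as a fragment to merge into a site's mimedefang-filter. This is an added example, not part of the original post or the MIMEDefang distribution; the delay values, the local-network patterns and the helper name `tax_exempt` are assumptions, and it assumes mimedefang is started with `-s` and `-t` and that sendmail's `{auth_authen}` macro reaches the filter.

```perl
# Added example: "tax" each MAIL FROM and RCPT TO with a short delay,
# skipping relays inside the local network and authenticated clients.

# Assumed values; tune per site and keep them well under the MTA and
# milter timeouts so legitimate senders never hit a timeout.
my $SENDER_DELAY    = 5;   # seconds per MAIL FROM (the post suggests 4 or 5)
my $RECIPIENT_DELAY = 1;   # seconds per RCPT TO

# Constructed example patterns for "inside" relays; replace with your own.
my @LOCAL_NET_RE = (qr/^127\./, qr/^192\.0\.2\./);

# Hypothetical helper: true when this connection should not be delayed.
sub tax_exempt {
    my ($ip) = @_;

    # Relay is inside our own network.
    return 1 if grep { $ip =~ $_ } @LOCAL_NET_RE;

    # read_commands_file() fills %SendmailMacros; it may only be called
    # from filter_sender and filter_recipient, which is where we are.
    read_commands_file();

    # Assumption: {auth_authen} is set only after a successful SMTP AUTH.
    return 1 if defined $SendmailMacros{auth_authen}
             && $SendmailMacros{auth_authen} ne '';

    return 0;
}

# Called once per MAIL FROM, so the delay is paid per message.
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    sleep($SENDER_DELAY) unless tax_exempt($ip);
    return ('CONTINUE', "ok");
}

# Called once per RCPT TO, so the delay grows with the recipient count.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
    sleep($RECIPIENT_DELAY) unless tax_exempt($ip);
    return ('CONTINUE', "ok");
}
```

Each sleeping call keeps one MIMEDefang filter process busy for the length of the delay, so the process pool has to be sized for the extra concurrency.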




