Jo Rhett wrote:
Marc Perkel wrote:
Not really. If somene had the bandwidth to cause a denial of service
through sender verification they could do it more easlly by just
attacking the target directly. No one is going to use sender
verification as a DIS tool. It's to inefficient.
What? You mean the same inefficiency that spam has? God, you're
right - nobody is doing that any more!
Um, you know at first I was agreeing with your comments about
UCEPROTECT but now that you've shown yourself to be fairly clueless,
I'm having to revise my opinion of them. Their grammar aside, the
page that describes the potential is technically accurate. Please go
read it, and think about it.
Send a bunch of spam with a single forged sender address to a lot of
sites that do sender verification. Watch their mail server fall down.
I can assure you that even with modern hardware, no e-mail MTA
available today can handle 20mb/sec of e-mail connections. The best I
have personally observed is commercial Sendmail handling 12mb/sec.
(of connections with no data transfer is a LOT of connections)
I'm using Exim which caches sender verification results so if the
attacker uses a single forged address it would only result in a callout
ever 2 hours or so.
- Re: What's with UCEPROTECT List? Marc Perkel
-
