On 10/28, Dave O'Neill wrote: > >>http://www.mimedefang.org/reputation
> You're discounting it entirely because it uses UDP? Are you sure > you read the RFC? > > The sender IP address is irrelevant -- it's not used for anything at > all. Reports are authenticated with a prearranged username and a > HMAC digest calculated using a shared secret. Having nothing to prevent someone from registering millions of accounts and spewing data from a single IP is not acceptable to me. > I'd really suggest not reinventing the wheel again. If you have > legitimate criticisms of the RFC, please make them on the list > (http://lists.roaringpenguin.com/cgi-bin/mailman/listinfo/reputation-reporting) Sure, I'll post there. Although detecting malicious data is clearly a much lower priority for them than reducing bandwidth used. Which makes sense, since they're limiting account creation by charging money, and I wouldn't. And I'm not convinced there's a reason to conform to the rest of the RFC. -- "It's a dangerous business, Frodo, going out your front door. You step into the Road, and if you don't keep your feet, there is no knowing where you might be swept off to." - Gandalf http://www.ChaosReigns.com
