[Asrg] FeedBack loops
Steve Atkins
steve at blighty.com
Wed Nov 12 12:29:30 PST 2008
On Nov 12, 2008, at 12:09 PM, Chris Lewis wrote:
>
>
> Remember that CBL's detection reliability is extremely good, and also
> that the CBL only makes detection on an actual email attempt from the
> listed IP. If telekom.gov.tr supported ARF, and the CBL instrumented
> their detectors to generate ARF, that would be at least 440,000 unique
> IP reports over whatever interval the CBL is reporting. Which seems
> to
> be about a week... What abuse desk could cope with that flow rate?
> No-one.
I have customers handling 250,000 reports via email a day, and they're
not all as nicely automatable as ARF either, so it's not entirely out
of the
question. :)
ARF is not really intended for unsolicited reports, though, it's
intended
for solicited reports between consenting parties to be handled via
automated
processing, often with no eyeballs on the content at either end. If the
sender and the receiver consent to using ARF for high traffic reporting
it's not something that will affect anyone else much.
(That still doesn't make ARF necessarily the right format for that
sort of thing, though.)
Cheers,
Steve
More information about the Asrg
mailing list