On Sun, Jan 02, 2005 at 03:31:38PM -0800, Thomas Bushnell BSG wrote:
> Santiago Vila <sanvila@unex.es> writes:
>
> > I was just following your line of reasoning:
> >
> > "You cannot justify the bad things that happen as a result of your
> > actions by saying that your goals cannot be reached without such bad
> > things happening", where:
> >
> > action = greylisting
> > bad things that happen = delayed email
> >
> > Try reducing the level of spam to a 1/10th without false positives
> > and without delaying any email.
>
> You cannot justify graylisting by saying "but this is the only way to
> stop spam!" You *can* justify it by comparing the costs against the
> benefits.
>
> The worst case costs of well-implemented graylisting should be
> something like a short delay in an email message; the worst case of a
> false positive rejection can be much much worse indeed.
The worst case for graylisting is the same as a false positive: undelivered
mail. Yes, there are servers out there that are non-spam (like, for one
known example, at least one major airline's reservation notification
system) that don't attempt to re-send on a 4xx code.
Note that I'm not going to argue the merits of graylisting vs. other
methods, or the actual measured costs, except to point out that you can
implement *your* end of the protocol perfectly, in a way that shouldn't
cause any mor than a delay, and the other guy can still screw it up for
you.
O() notation is useful, but in the real world, one must always remember
that O(n) is n*k1+k2, O(n^2) is n^2*k1+n*k2+k3 - and the values of the
constants can potentially matter. A lot.
--
Joel Aelwyn <fenton@debian.org> ,''`.
: :' :
`. `'
`-
Attachment:
signature.asc
Description: Digital signature