Barracuda Networks Spam Firewall

Valdis.Kletnieks at Valdis.Kletnieks at
Tue May 18 20:05:02 UTC 2004

On Tue, 18 May 2004 15:48:28 EDT, "Christopher X. Candreva" <chris at>  said:

> What would your auditor think about your secondary MX being used as a DOS 
> amplifier because it sends out thousands of bogus bounces to forged 
> addresses  ?

You're missing the main point - that sometimes things are done in ways that are
sub-optimal or even pessimal from the technical standpoint, because some other
consideration interferes.  Yes, it *would* be nice if everybody in the world
was able to DTRT on their outward-facing gateway and send back an immediate 550
on a RCPT TO: in order to stop stuff right up front.  However, this implies
getting buy-in and resources of all the appropriate people.

I'm sure *everybody* has had at least one Good Idea either totally shot down or
mutated beyond recognition because it wouldn't pass auditors (either internal
or external), or because it involved purchasing from Company X because X is the
only one with the feature support, but you'll never get that purchase order
approved by the "it must be Company Y gear" manager, or because deploying it
would involve getting buy-in from somebody in applications development, and
they don't understand why the urgency on this new feature you need them to

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list