North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Barracuda Networks Spam Firewall
On Tue, 18 May 2004 15:48:28 EDT, "Christopher X. Candreva" <firstname.lastname@example.org> said: > What would your auditor think about your secondary MX being used as a DOS > amplifier because it sends out thousands of bogus bounces to forged > addresses ? You're missing the main point - that sometimes things are done in ways that are sub-optimal or even pessimal from the technical standpoint, because some other consideration interferes. Yes, it *would* be nice if everybody in the world was able to DTRT on their outward-facing gateway and send back an immediate 550 on a RCPT TO: in order to stop stuff right up front. However, this implies getting buy-in and resources of all the appropriate people. I'm sure *everybody* has had at least one Good Idea either totally shot down or mutated beyond recognition because it wouldn't pass auditors (either internal or external), or because it involved purchasing from Company X because X is the only one with the feature support, but you'll never get that purchase order approved by the "it must be Company Y gear" manager, or because deploying it would involve getting buy-in from somebody in applications development, and they don't understand why the urgency on this new feature you need them to add...