[Spambayes] RE: Ideas for an MSc project please...

Ryan Malayter rmalayter at bai.org
Mon Feb 9 19:30:15 EST 2004


[Christopher Jastram]
> Money money money.  We haven't bought anything 
> for 2 1/2 years.  No routers, no switches, no 
> desktop machines, no monitors.  (We have replaced 
> hard drives and fans)  New mail servers were on top 
> of the list.

I too, would have chosen to have my salary paid rather than buy new
equipment, if it came down to that. But if my employer was in that sort
of financial shape - where spending a few grand for a critical,
revenue-generating application was too much - I would have started
looking real hard at monster.com.

The tech job market being what it was (and still is), though... I read
you loud and clear.

> Spam filtering was the first thing to go when 
> the load got heavy.  And it will continue to 
> be the first thing to go, since it takes a lion's 
> share of resources.  However, I think it could 
> be done a little differently, along these lines:

How about bandwidth rate limiting? This might be a low-cost solution,
since it is available (at least in rudimentary form) in most firewalls
and operating systems. By watching CPU and disk statistics, you can
figure out that the mail server can reliably handle N kb/s worth of
mail, based on an average message size. So set that up as a limit.

Spammers and virii don't (in general) properly queue and retry at the
sender, so those senders will contend for the (now limited) bandwidth,
see you're site is busy or down, and give up. Legitimate messages will
wait in their sending queues and arrive once the mail storm has passed,
probably not too much later than normal.

An sledgehammer-style solution perhaps, but it might have saved a lot of
trouble in this case.

> Please don't cast stones quite so quickly.  

Sorry about that. I guess this is just a pet peeve of mine. I've seen
any number of sites that wouldn't spend a few hundred bucks that I or a
colleague recommend. Then they are bitten badly and end up spending much
more money later for disaster clean-up, performance tuning, *and* the
improved infrastructure pieces that were initially recommended.

One client could have spent $1900 on an adequate RAID setup and backup
solution, and instead spent many, many times more on consulting hours
for disaster recovery. They had the money to spend, or could have found
it by cutting a bit out of their $20K Christmas party budget or
something. They knew the application was critical to their business.
They just didn't *want* to spend the money at the necessary time, even
though it was absolutely needed. They were "getting by" with what they
had, so why worry, right?

I think "penny-wise and pound-foolish" is the phrase...

Regards,
	Ryan



More information about the Spambayes mailing list