Clueless anti-virus products/vendors (was Re: Sober)
Douglas Otis
dotis at mail-abuse.org
Thu Dec 8 18:08:32 UTC 2005
On Dec 8, 2005, at 2:18 AM, Michael.Dillon at btradianz.com wrote:
>
> It seems reasonable to design a mail system so that notifications
> are sent back to the originator of the message when there is a
> problem somewhere along the delivery chain.
Agreed. The alternative would be more like instant messaging.
> It seems very UNreasonable to send notifications to random
> destinations that have nothing to do with originating the message
> in question.
It is also unreasonable to assume the return-path can always be
associated with the sending MTA.
> The crux of the matter is that if you don't KNOW the true source of
> the message, then you cannot return a DSN. You can go through the
> motions, but then you are originating SPAM (UBE), not returning DSNs.
When accepting messages from anonymous sources, seldom does one know
the source.
> Should you be accepting any mail at all from SMTP servers that you
> do not know and trust because of prior contact, i.e. negotiating an
> email peering agreement?
Making email a closed system would dramatically change who can send
messages and how email would work. The safest place to decide
whether a DSN is legitimate is by the MTA located by the return-
path. Use of BATV allows the return-path MTA to immediately refuse
DSNs determined to be illegitimate. Immediately, the back-scatter
problem would be substantially resolved and no RFC would need to be
changed, and the integrity of email delivery would not suffer. This
would also close the "back-door" used to evade black-hole lists.
-Doug
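
An added example, not part of the original message and not taken from any BATV implementation: a sketch of the check the post describes, where the return-path MTA tags its outgoing envelope senders and refuses DSNs (null reverse-path) addressed to an untagged or invalid recipient. The `prvs=` tag layout and the HMAC-SHA1 truncation are assumptions modelled on the BATV draft; the key, lifetime, day numbers and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: per-domain secret, constructed for this example
LIFETIME_DAYS = 7              # assumption: how long a bounce for sent mail is accepted

# prvs=KDDDSSSSSS=local@domain (K key id, DDD expiry day mod 1000, SSSSSS truncated MAC)
TAGGED = re.compile(r"prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)", re.I | re.A)


def _mac(key_id: str, day: str, address: str) -> str:
    """First 3 bytes (6 hex chars) of HMAC-SHA1 over key id, expiry day and address."""
    msg = (key_id + day + address).encode()
    return hmac.new(KEY, msg, hashlib.sha1).hexdigest()[:6]


def sign(address: str, today: int) -> str:
    """Tag the envelope sender of an outgoing message. `today` is a day number."""
    day = f"{(today + LIFETIME_DAYS) % 1000:03d}"
    return f"prvs=0{day}{_mac('0', day, address)}={address}"


def verify(rcpt: str, today: int):
    """Return the original address if the tag is valid and unexpired, else None."""
    m = TAGGED.fullmatch(rcpt)
    if m is None:
        return None
    key_id, day, mac, address = m.groups()
    if not hmac.compare_digest(mac.lower(), _mac(key_id, day, address)):
        return None
    # The expiry day is stored modulo 1000, so the comparison is modulo 1000 too.
    if (int(day) - today) % 1000 > LIFETIME_DAYS:
        return None
    return address


def rcpt_decision(mail_from: str, rcpt_to: str, today: int) -> str:
    """Reply at RCPT TO. Only DSNs (empty MAIL FROM) must carry a valid tag."""
    if mail_from == "" and verify(rcpt_to, today) is None:
        return "550 bounce for a message this domain did not send"
    return "250 OK"
```

Because the refusal happens during the SMTP transaction, the forged bounce is never queued by the return-path MTA, while DSNs for mail the domain really sent still reach the tagged address.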