SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

Fri Dec 9 18:15:18 UTC 2005

On Fri, 9 Dec 2005, Douglas Otis wrote:

> > Actually, I get about ten to twenty times as much virus blowback as I get
> > spam from trojan-zombie boxes.

> I am having difficulty understanding why a one time investment in
> Bounce-Address Tag Validation which can be in operation immediately and offer
> 100% "blowback" protection from _all_ sources using trivial resources is not
> being considered?

I may be considering it.  I may be implementing it right now.  I may have
already implemented it.  Who's to know?

It doesn't matter, because the use of recipient-side filtering or rejection
of blowback is irrelevant to my point.

>  The more who lock their back door, the fewer times you will
> find miscreants checking to see that it is locked.

That doesn't mean that I should have thousands of people coming up to my
back door 24 hours a day, nor should I have to watch my back door to shoo
them away all day long.  (Read:  "That analogy doesn't fly.")

I can police my network in any way I choose.  I can have dozens of locks on
my virtual doors -- and I do.  That still doesn't take away culpability from
the UBE sender, and thus has no relevance to the discussion at hand.

Let me state this again in exactly two sentences so that you may understand
my point, provided there is enough thin skull available for it to penetrate:

   1. Virus "warnings" to forged addresses are UBE, by definition.
   2. It is the responsibility of the *SENDER* not to send UBE.

If this is still not clear, you're working in the wrong industry.

===

On Fri, 9 Dec 2005, Steven J. Sobol wrote:

> I'd like someone UNBIASED to take up his side of the discussion, please.
> I'm really not inclined to listen to an AV employee explain why they
> should be spamming us.

"What he said."

-- 
-- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>