SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )
Douglas Otis
dotis at mail-abuse.org
Fri Dec 9 19:58:15 UTC 2005
On Dec 9, 2005, at 10:15 AM, Todd Vierling wrote:
>
> 1. Virus "warnings" to forged addresses are UBE, by definition.
This definition would be making at least two of the following
assumptions:
1) Malware detection has a 0% false positive.
2) Lack of DSN for email falsely detected containing malware is okay.
3) Purported malware should be assumed to use a forged return-path.
4) The return-path can be validated prior to accepting a message.
5) SMTP should appear to be point-to-point.
6) MTAs with AV filters are the only problem.
While there could be best practices created for AV filtering, it
seems unlikely to be effective. Simplistic filters for DSNs also
seem counter to ensuring the integrity of email delivery. Defending
against DSN exploits with BATV will remove this vector, which in turn
will end DSN exploits attempts over the long term. Why expect others
to fix this problem, when there is a solution that one could make the
investment in to deploy. This will reduce this problem over the long
term. The BATV alternative would not cause otherwise valuable DSNs
to be lost, nor make assumptions about the quality of malware detection.
If you can't trust AV handling of DSNs, why trust their detections?
Would you rather see emails simply disappear?
> 2. It is the responsibility of the *SENDER* not to send UBE.
When the recipient is a legitimate email provider, it could seriously
lower the integrity of email delivery for these providers to toss
DSNs because many fall into a category you want to define as UBE.
While I agree whole heartily this malware notification problem
stinks, there is a much safer and surer solution.
-Doug
More information about the NANOG
mailing list