SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )
Micheal Patterson
micheal at tsgincorporated.com
Fri Dec 9 22:54:26 UTC 2005
----- Original Message -----
From: "Micheal Patterson" <micheal at tsgincorporated.com>
To: "Douglas Otis" <dotis at mail-abuse.org>; "Todd Vierling" <tv at duh.org>
Cc: "Steven J. Sobol" <sjsobol at JustThe.net>; "Geo." <geoincidents at nls.net>;
<nanog at merit.edu>
Sent: Friday, December 09, 2005 4:01 PM
Subject: Re: SMTP store and forward requires DSN for integrity (was
Re:Clueless anti-virus )
>
>
>
> ----- Original Message -----
> From: "Douglas Otis" <dotis at mail-abuse.org>
> To: "Todd Vierling" <tv at duh.org>
> Cc: "Steven J. Sobol" <sjsobol at JustThe.net>; "Geo."
> <geoincidents at nls.net>; <nanog at merit.edu>
> Sent: Friday, December 09, 2005 1:58 PM
> Subject: Re: SMTP store and forward requires DSN for integrity (was
> Re:Clueless anti-virus )
>
>
>>
>>
>> On Dec 9, 2005, at 10:15 AM, Todd Vierling wrote:
>>>
>>> 1. Virus "warnings" to forged addresses are UBE, by definition.
>>
>> This definition would be making at least two of the following
>> assumptions:
>>
>> 1) Malware detection has a 0% false positive.
>> 2) Lack of DSN for email falsely detected containing malware is okay.
>> 3) Purported malware should be assumed to use a forged return-path.
>> 4) The return-path can be validated prior to accepting a message.
>> 5) SMTP should appear to be point-to-point.
>> 6) MTAs with AV filters are the only problem.
>
> Case in point, Doug. Current versions of Sober.U are sending mail from:
> [email protected] (xx's to hide the actual host).
> I have a slew of these in my detected malware folder. I suppose that you'd
> prefer, by your reasoning, that I be sending DSNs to these addresses,
> knowing full well that they won't make it and will just clutter up comcast's
> SMTP gateway with DSNs. I'm sure that they'd like that very much.
>
> Mike P.
And before anyone points out that the MX for comcast would not see that
message: I know that on this particular host, they would not. I also realize
that the DSN would sit in my outbound queue until it was purged after 5 days
due to non-delivery. The point remains the same for this example as if the
addresses were from [email protected] or [email protected]. The originator
is forged and the DSN is unable to get to the originating sender.
Mike P.
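The failure mode Mike describes (a DSN addressed to a forged Return-Path that either sits in the outbound queue until it is purged, or lands on an innocent third party as backscatter) can be contrasted with rejecting during the SMTP session, where the 5xx reply goes to the host that actually connected. The following is an added example written for this page, not code from the thread or from any MTA; the addresses, client IP and mailbox set are invented sample values, the EICAR string stands in for a real malware detection, and the 5-day queue lifetime is taken from the post above as an assumed MTA setting.

```python
# Added example, not from the NANOG thread. Models two ways an MTA can handle
# a message its AV filter flags, and who ends up receiving the error.
from dataclasses import dataclass
from typing import Optional, Set

# EICAR anti-virus test string, used here as a stand-in malware signature.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Assumption: how long an undeliverable DSN sits in the outbound queue before
# it is purged (the post above cites 5 days for the author's MTA).
QUEUE_LIFETIME_DAYS = 5


@dataclass
class Message:
    client_ip: str     # host that opened the SMTP session (the infected PC, for a worm)
    return_path: str   # MAIL FROM; trivially forgeable, which is the whole problem
    rcpt: str
    body: bytes


@dataclass
class Outcome:
    smtp_reply: str                   # reply the connected client sees in-session
    dsn_to: Optional[str]             # Return-Path we would bounce to, if any
    dsn_delivered_to: Optional[str]   # who actually received a bounce (None = nobody)
    days_in_queue: int                # how long the bounce sat undeliverable


def looks_like_malware(body: bytes) -> bool:
    """Stand-in for an AV engine: matches the EICAR test signature only."""
    return b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE" in body


def queue_dsn(return_path: str, existing_mailboxes: Set[str]):
    """Try to deliver a bounce. DSNs carry a null reverse-path (MAIL FROM:<>)
    so they cannot themselves bounce; if the Return-Path is forged and does
    not exist, the DSN just ages out of the queue and nobody is told."""
    if return_path in existing_mailboxes:
        return return_path, 0          # delivered: backscatter if the address was forged
    return None, QUEUE_LIFETIME_DAYS   # undeliverable: purged after the queue lifetime


def accept_then_bounce(msg: Message, existing_mailboxes: Set[str]) -> Outcome:
    """Store-and-forward: 250 at end of DATA, scan afterwards, DSN to Return-Path.
    The client that spoke SMTP to us never learns of the failure; the DSN goes
    to whoever the (forgeable) Return-Path names."""
    reply = "250 2.0.0 Ok: queued"
    if not looks_like_malware(msg.body):
        return Outcome(reply, None, None, 0)
    delivered_to, days = queue_dsn(msg.return_path, existing_mailboxes)
    return Outcome(reply, msg.return_path, delivered_to, days)


def reject_in_session(msg: Message) -> Outcome:
    """Scan before answering end-of-DATA and reject with 5xx. The error goes to
    the connected client over the open TCP session; the Return-Path is never
    consulted, so no DSN is generated and no backscatter is possible."""
    if looks_like_malware(msg.body):
        return Outcome("554 5.7.1 Message rejected: malware detected", None, None, 0)
    return Outcome("250 2.0.0 Ok: queued", None, None, 0)


if __name__ == "__main__":
    # Constructed sample: worm traffic with a forged return-path (names invented).
    mailboxes = {"victim@aol.example"}
    worm = Message("198.51.100.23", "forged@comcast.example", "postmaster@example.net", EICAR)
    print(accept_then_bounce(worm, mailboxes))   # DSN queued 5 days, then purged
    worm.return_path = "victim@aol.example"
    print(accept_then_bounce(worm, mailboxes))   # DSN lands on an innocent third party
    print(reject_in_session(worm))               # 554 to the infected client, no DSN
```

The design point is that the in-session 5xx is the only signal guaranteed to reach the party that actually transmitted the message; once a message has been accepted with 250, the MTA's only way to report a failure is a DSN to an unverified Return-Path.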