SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

• Previous message (by thread): SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )
• Next message (by thread): SMTP store and forward requires DSN for integrity
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 10 Dec 2005, Douglas Otis wrote:

> With the high prevalence of viruses having a forged return-path, the
> concern is largely about _false_ detections.  These are not actual
> numbers, but perhaps more realistic than figures suggested previously.
> Imagine the false positive error rate for an email AV filter runs about
> 1 in 1000 malwares.  While indeed this may not be a tragedy having a few
> valid emails lost without notice in an AV effort, this loss is not
> required when "valid" DSN recognition is deployed.

The loss is also not required when virus/malware scanning is done during 
the SMTP conversation.  Google for QHPSI.  Messages don't have to 
disappear and bogus DSNs don't have to be sent.  People just need to 
modernize their MTAs.

> The AV filter then bounce technique has been used for many years, where
> DSNs must be filtered at the DSN recipient.  Rather than seemingly

Like many other things on the internet, just because it's been in place 
for many years doesn't mean its a good idea or still a viable system.

> will also recover the valid 1 in 1000 DSNs.  This BATV automation would
> also ensure no DSNs with forged return-paths, created at any point where
> acceptance criteria differs between MTAs, will be accepted before the
> data phase.  BATV should be almost as effective as a DNS-BL.  You can
> even use automate BATV refusals by others to add to your own temp BL.

That still leaves "our" (the people not sending bogus DSNs) systems having 
to do lots of work (validating signitures) to decide how to handle DSNs 
that should never have been sent.

Interesting that you should mention DNSBLs.  I've seen people asking for 
DNSBLs of bogus DSN senders for years.  I hope the integration of AV 
filtering and MTAs will improve before we see widespread use of bogus DSN 
sender DNSBLs.  Unfortunately, for some people, experiencing pain is the 
only way they can be convinced to clean up their problems.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

• Previous message (by thread): SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )
• Next message (by thread): SMTP store and forward requires DSN for integrity
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]