SMTP store and forward requires DSN for integrity

Micheal Patterson micheal at tsgincorporated.com
Sun Dec 11 10:53:03 UTC 2005




----- Original Message ----- 
From: "Douglas Otis" <dotis at mail-abuse.org>
To: "Andrew - Supernews" <andrew at supernews.net>
Cc: <nanog at merit.edu>
Sent: Saturday, December 10, 2005 3:54 PM
Subject: Re: SMTP store and forward requires DSN for integrity


>
> On Sat, 2005-12-10 at 17:37 +0000, Andrew - Supernews wrote:
>
>> BATV doesn't help you if the problem is SMTP transaction volume, any
>> more than a firewall will help you cope with a saturated network 
>> link.
>
> I agree with most of your statements.  AV filters should be done
> within the session when possible, etc.
>
> Your statement regarding BATV is not correct however.  There are two
> ways BATV reduces SMTP transaction volume when dealing with forged
> DSNs.
>

"... BATV reduces SMTP transaction volume when dealing with forged 
DSNs."

If malware detection systems would not generate a DSN to the originator 
upon detection in the first place, there would be no need to reduce 
those transactions as there would be no transactions to reduce. The 
solution, to me, seems so simple, I must be overlooking something or not 
comprehending fully what the issue truly is. I thought that the initial 
problem was with AV mechanisms sending out DSNs to incorrect sender 
addresses. Please, if I'm so far off base, would someone be so kind as 
to email me off list and clear this up for me?

Honestly, Doug, you do realize that your reluctance to stop the problem 
at the source conveys to everyone on this list the impression that 
you're only trying to gain support for your proposal, don't you?

Let's take the malware and av scanners out of the picture for a moment. 
There was a time, long ago, when malware didn't exist in the email 
network. At that time, when a message was undeliverable, a DSN was sent 
to the originator of the message. It happens. Typos and such. No one 
complained. Why? Because legitimate email, in order to function, requires 
a valid email address for both parties. Why would they falsify it if 
they wish to communicate?

Now, let's look at it as of "today".

If someone sends someone a virus, intentionally, its main purpose is to 
get to as many systems as it possibly can, as fast as it can to allow 
the software to propagate before it's detected by AV software. Do you 
REALLY think that the initial sender wishes to be told that he sent a 
virus? Do you really believe he/she wishes to even be known or contacted 
by you in any way? Of course not. Then why do these systems still 
attempt to send these notices? Well, after all logical reasoning has 
indicated that the sender is forged. The software of today has no way of 
knowing if the originating system is the actual system that's introduced 
it into the wild or a carrier. It has no way to validate the email 
address of the sender. Can BATV correct this? Possibly. But at what cost 
Doug? How much will it cost them to get the latest and greatest so that 
they can implement BATV? How much down time will they have to deal with 
to implement it? Multiply that by the millions of MTAs around the 
globe. Now, you tell me Doug, which is easier for everyone to do? 
Upgrade/update their MTAs around the world or have those few AV 
detection vendors recode their software? I don't know about you, but if 
what little information I've found on BATV is current, most folks will 
have to switch to Exim or NetQmail just to get it to work currently. 
There's a lot of postfix and sendmail networks out there that may not 
want to switch. What happens to them?

Mike P.
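The thread above argues over whether forged DSNs should be stopped by the AV scanner (never bounce) or by the receiving MTA (BATV). The block below is an added example, not code from either poster or from any MTA, showing what the BATV side of that argument actually does: outbound MAIL FROM is rewritten into a PRVS-tagged address carrying an expiry day and a truncated HMAC, and when a null-sender (DSN) message later arrives, RCPT TO is accepted only if the tag verifies. Ordinary mail to the untagged mailbox is never gated. The tag layout (prvs=KDDDSSSSSS=local@domain), the choice of HMAC-SHA1 over the expiry day plus address, the 7-day lifetime, the key and the dates are all assumptions made for this example.

```python
"""BATV-style bounce-address tagging (PRVS scheme), constructed for illustration.

Tagged form: prvs=KDDDSSSSSS=local@domain
  K       key version digit
  DDD     expiry day, days since 1970-01-01 modulo 1000
  SSSSSS  first 6 hex digits of an HMAC over "DDD" + original address
"""
import datetime
import hashlib
import hmac
import re

_TAG_RE = re.compile(
    r"^prvs=(?P<k>\d)(?P<ddd>\d{3})(?P<sig>[0-9a-f]{6})=(?P<addr>[^@]+@.+)$"
)
_LIFETIME_DAYS = 7  # assumption: how long an outbound sender stays bounceable


def days_since_epoch(date: datetime.date) -> int:
    return (date - datetime.date(1970, 1, 1)).days


def _mac(key: bytes, ddd: int, address: str) -> str:
    # Assumption: HMAC-SHA1 over zero-padded expiry day + untagged address,
    # truncated to 6 hex digits. Truncation is what keeps the local part short.
    mac = hmac.new(key, f"{ddd:03d}{address}".encode(), hashlib.sha1)
    return mac.hexdigest()[:6]


def prvs_sign(address: str, key: bytes, today: int, key_version: int = 0) -> str:
    """Rewrite the envelope sender of an outbound message into its tagged form."""
    ddd = (today + _LIFETIME_DAYS) % 1000
    return f"prvs={key_version}{ddd:03d}{_mac(key, ddd, address)}={address}"


def prvs_check(rcpt: str, key: bytes, today: int):
    """Validate a bounce recipient. Returns (valid, original_address, reason)."""
    m = _TAG_RE.match(rcpt)
    if not m:
        return False, None, "untagged"      # plain address: nobody we sent as
    ddd = int(m["ddd"])
    # Modulo-1000 wraparound: a genuine tag expires 0.._LIFETIME_DAYS days from
    # today; anything else is stale, or forged with a far-future day.
    if (ddd - today) % 1000 > _LIFETIME_DAYS:
        return False, None, "expired"
    if not hmac.compare_digest(m["sig"], _mac(key, ddd, m["addr"])):
        return False, None, "bad-signature"
    return True, m["addr"], "ok"


def rcpt_decision(mail_from: str, rcpt: str, key: bytes, today: int) -> str:
    """SMTP reply for RCPT TO. Only null-sender (DSN) traffic is gated;
    mail with a real envelope sender to the untagged mailbox passes as before."""
    if mail_from != "":
        return "250 2.1.5 OK"
    valid, original, reason = prvs_check(rcpt, key, today)
    if valid:
        return f"250 2.1.5 OK bounce for {original}"
    return f"550 5.1.1 bounce to unsigned or stale address ({reason})"


if __name__ == "__main__":
    # Constructed demo values; a real MTA uses a secret per-domain key and the
    # current calendar day.
    key = b"constructed-demo-key"
    today = days_since_epoch(datetime.date(2005, 12, 11))
    tagged = prvs_sign("mike@example.com", key, today)
    print(tagged)
    print(rcpt_decision("", tagged, key, today))              # genuine DSN, accepted
    print(rcpt_decision("", "mike@example.com", key, today))  # forged DSN, rejected
    print(rcpt_decision("", tagged, key, today + 30))         # stale tag, rejected
    print(rcpt_decision("bob@example.net", "mike@example.com", key, today))  # normal mail
```

The rejection happens at RCPT TO, before DATA, which is the point Otis makes about transaction volume: a forged bounce costs the receiver one short SMTP exchange rather than a queued message and a scan. It does nothing about the AV-generated DSN being sent in the first place, which is Patterson's objection.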



