SMTP store and forward requires DSN for integrity
Micheal Patterson
micheal at tsgincorporated.com
Sun Dec 11 10:53:03 UTC 2005
----- Original Message -----
From: "Douglas Otis" <dotis at mail-abuse.org>
To: "Andrew - Supernews" <andrew at supernews.net>
Cc: <nanog at merit.edu>
Sent: Saturday, December 10, 2005 3:54 PM
Subject: Re: SMTP store and forward requires DSN for integrity
>
> On Sat, 2005-12-10 at 17:37 +0000, Andrew - Supernews wrote:
>
>> BATV doesn't help you if the problem is SMTP transaction volume, any
>> more than a firewall will help you cope with a saturated network
>> link.
>
> I agree with most of your statements. AV filters should be done within
> the session when possible, etc.
>
> Your statement regarding BATV is not correct however. There are two
> ways BATV reduces SMTP transaction volume when dealing with forged
> DSNs.
>
"... BATV reduces SMTP transaction volume when dealing with forged
DSNs."

If malware detection systems would not generate a DSN to the originator
upon detection in the first place, there would be no need to reduce
those transactions as there would be no transactions to reduce. The
solution, to me, seems so simple, I must be overlooking something or not
comprehending fully what the issue truly is. I thought that the initial
problem was with AV mechanisms sending out DSNs to incorrect sender
addresses. Please, if I'm so far off base, would someone be so kind as
to email me off list and clear this up for me?

Honestly Doug, you do realize that your reluctance to stop the problem
at the source conveys to everyone on this list the impression that
you're only trying to gain support for your proposal, don't you?

Let's take the malware and AV scanners out of the picture for a moment.
There was a time, long ago, where malware didn't exist in the email
network. At that time, when a message was undeliverable, a DSN was sent
to the originator of the message. It happens. Typos and such. No one
complained. Why? Because legitimate email, in order to function, requires
a valid email address for both parties. Why would they falsify it if
they wish to communicate?

Now, let's look at it as of "today".

If someone sends someone a virus, intentionally, its main purpose is to
get to as many systems as it possibly can, as fast as it can to allow
the software to propagate before it's detected by AV software. Do you
REALLY think that the initial sender wishes to be told that he sent a
virus? Do you really believe he/she wishes to even be known or contacted
by you in any way? Of course not. Then why do these systems still
attempt to send these notices? Well after all logical reasoning has
indicated that the sender is forged. The software of today has no way of
knowing if the originating system is the actual system that's introduced
it into the wild or a carrier. It has no way to validate the email
address of the sender. Can BATV correct this? Possibly. But at what cost,
Doug? How much will it cost them to get the latest and greatest so that
they can implement BATV? How much downtime will they have to deal with
to implement it? Multiply that by the millions of MTAs around the
globe. Now, you tell me Doug, which is easier for everyone to do?
Upgrade/update their MTAs around the world or have those few AV
detection vendors recode their software? I don't know about you, but if
what little information I've found on BATV is current, most folks will
have to switch to Exim or NetQmail just to get it to work currently.
There's a lot of Postfix and Sendmail networks out there that may not
want to switch. What happens to them?

Mike P.