Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

[Robert Bonomi <bonomi () mail r-bonomi com>]

> From owner-nanog () merit edu  Fri Dec  9 17:10:00 2005
> Cc: "Steven J. Sobol" <sjsobol () JustThe net>, "Geo." <geoincidents () nls net>,
>         nanog () merit edu
> From: Douglas Otis <dotis () mail-abuse org>
> Subject: Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )
> Date: Fri, 9 Dec 2005 15:08:49 -0800
> To: Todd Vierling <tv () duh org>
>
>
>
> On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote:
> > None of these are my problem.  I am a non-involved third party to  
> > the malware detection software, so I should not be a party to its  
> > outgoing spew.
> >
> > I have not requested the virus "warnings" (unsolicited), they are  
> > being sent via an automated trigger (bulk, by extension of the  
> > viruses also being bulk), and they are e-mail -- UBE by  
> > definition.  Whether they are also formatted as DSNs or delivered  
> > like DSNs doesn't take away their UBE status.
>
> This is a third-party acting in good faith,

"In good faith" is _HIGHLY_ debatable.

"On blind faith" (that the sender address infor is accurate) is much
closer to an accurate description.

The aforementioned third parties, being experienced professionals, and even 
'experts',  in the field *SHOULD* KNOW BETTER than to act in that matter.
How can they claim to be experts in the field and _NOT_ be aware of the 
_probability_ (not just the "possibility) of the sender address being spoofed?
AND, *as*experts* in that area, it is incumbant on _them_ to 'act responsibily'
on behalf of their clients/customers who are "not so knowledgable" about 
such matters.

> How would the third-party acting in good faith know who really sent  
> the message?