nanog mailing list archives
Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )
From: Douglas Otis <dotis () mail-abuse org>
Date: Fri, 9 Dec 2005 19:36:47 -0800
On Dec 9, 2005, at 4:09 PM, Robert Bonomi wrote:
1) Malware detection has a 0% false positive. If there is a 'false positive' detecting malware, it is a near certainty that the "legitimate" message so classified does *NOT* have a FORGED ADDRESS.
When there is some percentage of false-positive detection, there will be a number of messages that will fall into the "should not have been rejected" category, where indeed the return-path is not likely to have been forged, and a DSN would be of value to the sender. When a DSN is sent, the sender will be able to take corrective action. There is also a percentage of messages where malware detection is valid, but nonetheless the return-path is also valid. (Perhaps overwritten by the provider.)
You are judging this situation based upon only the wrong choice as having been made. AV filtering is not the only situation where a DSN exploit is used, and there is no way to be sure about a choice of discarding the DSN. Discarding DSNs _will_ degrade the integrity of email delivery. As the recipient of the DSN is _always_ the best judge whether the DSN was sent to a forged return-path, why not take advantage of that superior knowledge? Automate the process so the DSN recipient is able to immediately reject _all_ invalid DSNs. Overall, email transactions will be faster, and DSN exploits will soon disappear.
-Doug
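
The automation argued for above, sketched as an added example that is not part of the original post: the sending domain tags each outgoing return-path with a keyed MAC, and its inbound server rejects any DSN (null reverse-path) addressed to a return-path without a valid, unexpired tag. The `tag=` address format, the 7-day lifetime, the key and the function names are assumptions made for illustration; the post does not specify a mechanism.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed sample key, known only to the sending domain
TAG_LEN = 8                       # hex characters of the HMAC kept in the tag
LIFETIME_DAYS = 7                 # assumed validity window for a tagged return-path


def _mac(expiry: int, mailbox: str) -> str:
    """Keyed MAC over the expiry day and the original mailbox."""
    msg = f"{expiry:03d}{mailbox.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:TAG_LEN]


def sign_return_path(address: str, today: int) -> str:
    """Outbound: rewrite user@domain to tag=DDD<mac>=user@domain (DDD = expiry day mod 1000)."""
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"tag={expiry:03d}{_mac(expiry, address)}={address}"


def accept_dsn(mail_from: str, rcpt_to: str, today: int) -> bool:
    """Inbound, at RCPT TO: accept a DSN only if it targets a return-path we issued."""
    if mail_from != "":
        return True  # not a DSN; only the null reverse-path marks a bounce
    parts = rcpt_to.split("=", 2)
    if len(parts) != 3 or parts[0] != "tag" or len(parts[1]) != 3 + TAG_LEN:
        return False  # untagged recipient: the return-path was forged elsewhere
    expiry_s, mac = parts[1][:3], parts[1][3:]
    if not expiry_s.isdigit():
        return False
    expiry = int(expiry_s)
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return False  # tag expired, or dated further ahead than we ever issue
    # Constant-time comparison so the check does not leak MAC bytes.
    return hmac.compare_digest(mac.encode(), _mac(expiry, parts[2]).encode())
```

Because the decision is made during the SMTP transaction, an invalid DSN is refused before its body is transferred, while a DSN for a message the domain really sent still reaches the sender.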