nanog mailing list archives
Re: Clueless anti-virus products/vendors (was Re: Sober)
From: "Edward B. Dreger" <eddy+public+spam () noc everquick net>
Date: Wed, 7 Dec 2005 21:35:07 +0000 (GMT)
DO> Date: Tue, 6 Dec 2005 16:26:16 -0800
DO> From: Douglas Otis

DO> I know of no cases where a malware related DSN would be generated by our

Good.

DO> products, nevertheless, DSNs are not Unsolicited Bulk Email.

Huh? I get NDRs for mail that "I" sent.

I do not want those NDRs. I did not request those NDRs. Those NDRs are not in response to a message I sent. I do not want backscatter NDR notices.

I frankly don't care that WhizBangAV caught WormOfTheWeek on Susie Smith's corporate mail in Argentina from Billy Boo's PC in China... just because my address happened to be the subject of a joe jobbing worm. Really. Even reading and posting to NANOG is more important. ;-)

DO> Not all email is rejected within the SMTP session. You are changing
DO> requirements for recipients that scan incoming messages for malware. Fault
DO> them for returning content or not including a null bounce-address. No one
DO> can guarantee an email-address within the bounce-address is valid,

Perhaps DSNs should be sent to the original recipient, not the purported sender. RFC-compliant? No. Ridiculous? Less so than pestering a random third party. Let the intended recipient communicate OOB or manually if needed.

DO> furthermore a DSN could be desired even for cases where an authorization

When auth fails, one knows *right then* c/o an SMTP reject. No bounce is necessary.

DO> scheme fails. Why create corner cases?

The corner case is that a virus _might_ actually have a realistic "From" address. :-)

DO> DomainKeys and Sender-ID can not validate the bounce-address or the DSN.
DO> Even with an SPF failure, a DSN should still be sent, as SPF fails in

If you receive mail with

    From: <eddy () everquick net>

coming from 10.10.10.10, and everquick.net SPF records indicate that IP address is bogus, how can you possibly justify "that mail may indeed have come from how it's apparently addressed"? Doubly so when a virus is known to spoof "from" addresses!

Saying a DSN should be sent is just untenable.

DO> several scenarios, and false positives are never 0%. BATV offers a
DO> unilateral option that can effectively discard spoofed bounce-addresses.
DO> When the AV software provides the DSN with a null bounce-address, BATV works
DO> as advertised.

Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
________________________________________________________________________
DO NOT send mail to the following addresses:
davidc () brics com -*- jfconmaapaq () intc net -*- sam () everquick net
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.
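
Added example, not part of the original message or of any product discussed in the thread: a sketch of the BATV check the quoted text refers to, modelled on the "prvs" tag layout of the BATV Internet-Draft (key digit, three-digit expiry day, six hex digits of an HMAC-SHA1). The secret, the seven-day lifetime, the example.net address and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"  # assumption: per-domain key, constructed here
KEY_ID = 0                           # K: single-digit key number
LIFETIME_DAYS = 7                    # assumption: validity window of a tag

TAG_RE = re.compile(r"(?i)prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+@.+)")

def _sig(expiry: int, addr: str) -> str:
    """First three bytes (six hex digits) of HMAC-SHA1 over K, DDD and the address."""
    msg = f"{KEY_ID}{expiry:03d}{addr.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]

def sign(addr: str, today: int) -> str:
    """Tag an outbound envelope sender; `today` is days since 1970, modulo 1000."""
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={KEY_ID}{expiry:03d}{_sig(expiry, addr)}={addr}"

def verify(rcpt: str, today: int):
    """Return the untagged address if the tag is ours and unexpired, else None."""
    m = TAG_RE.fullmatch(rcpt)
    if not m or int(m.group(1)) != KEY_ID:
        return None
    expiry, sig, addr = int(m.group(2)), m.group(3).lower(), m.group(4)
    if (expiry - today) % 1000 > LIFETIME_DAYS:   # day counter wraps at 1000
        return None
    if not hmac.compare_digest(sig, _sig(expiry, addr)):
        return None
    return addr

def accept_rcpt(mail_from: str, rcpt_to: str, today: int) -> bool:
    """RCPT-time policy: a null reverse-path (a DSN) must target a validly tagged
    address, so backscatter to a forged sender is refused inside the SMTP session."""
    if mail_from != "<>":
        return True   # ordinary mail: BATV does not apply
    return verify(rcpt_to, today) is not None
```

This only helps when the bounce really arrives with a null reverse-path, which is the condition the quoted text attaches to BATV working as advertised.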