Full Disclosure mailing list archives
RE: Backdoor not recognized by Kaspersky
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 4 Mar 2004 06:32:52 -0500
SMTP auth does not help at all. A virus that delivers email via its own SMTP engine completely bypasses the end user's ISP server(s). And if the recipient server does not allow incoming mail from wherever it is presented from, then incoming mail will simply be broken unless there is some sort of SPF.
Yeah, exactly, that's the point. SMTP AUTH plus something like SPF/CID/DK would stop all the existing worms from operating. Mail sent through their own engines would be rejected by SPF/CID/DK.
But, SPF, caller-ID, and Domain keys all have major unsolved issues with forwards, aliases, corporate employees checking their work mail and needing to reply through their home connection ISP, but with their company 'From: ' address and several other common scenarios. Until there is universal adoption of some add-on to SMTP, nobody can reject all non-conforming mail safely.
It's not hard to imagine the largest ISPs and large corps accepting it, at which point it would become necessary for others to accept it or risk having their mail shut out.
All implementations create a much greater load on DNS.
Greater, yes. Much greater, I'm not so sure. Verisign doesn't think it's a substantial extra load. The DNS data could very reasonably be cached.
The real issue is that there is no possible algorithmic solution to rejecting email reliably based on any of its source, its content, or any combination.
So SPF/CID/DK don't work? They reject based on domain
If the mail is not accepted, laws prohibit silently discarding it.
I've never heard this before. What law?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer () ziffdavis com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
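An added example, not part of the original message or of any real SPF implementation: a minimal SPF-style check that shows both outcomes argued in this thread, namely that mail sent by a worm's own SMTP engine fails the check, and that legitimately forwarded mail fails it too. It handles only the `ip4:` and `all` mechanisms, a constructed record table stands in for DNS, and all domains, addresses and scenario labels are constructed.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups: domain -> published SPF record.
# example.com authorizes only its ISP's outbound relays (documentation range).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/28 -all",
    "nopolicy.example": None,  # domain that publishes no SPF record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from):
    """Evaluate the envelope sender's domain against the connecting IP.

    Supports only ip4: and all; real SPF also has a, mx, include and others.
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"  # nothing published, so the receiver learns nothing
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" present


# Constructed scenarios: (label, connecting IP, envelope sender).
SCENARIOS = [
    ("user via ISP relay after SMTP AUTH", "192.0.2.5", "alice@example.com"),
    ("worm's own SMTP engine on infected PC", "198.51.100.77", "alice@example.com"),
    ("forwarder relaying with original sender", "203.0.113.10", "alice@example.com"),
    ("sender domain with no SPF record", "198.51.100.77", "bob@nopolicy.example"),
]


def run_scenarios():
    return {label: check_spf(ip, sender) for label, ip, sender in SCENARIOS}


if __name__ == "__main__":
    for label, result in run_scenarios().items():
        print(f"{result:8} {label}")
```

The last scenario returns `none`, which is why a receiver cannot reject all non-conforming mail until sender domains actually publish records.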