North American Network Operators Group
Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )
On Dec 9, 2005, at 4:09 PM, Robert Bonomi wrote:
When there is some percentage of false-positive detection, there will be a number of messages that will fall into the "should not have been rejected" category, where indeed the return-path is not likely to have been forged, and a DSN would be of value to the sender. When a DSN is sent, the sender will be able to take corrective action. There is also a percentage of messages where malware detection is valid, but nonetheless the return-path is also valid. (Perhaps overwritten by the provider.) If there is a 'false positive' detecting malware, it is a near certainty that the "legitimate" message so classified does *NOT* have a FORGED ADDRESS. 1) Malware detection has a 0% false positive.
You are judging this situation based upon only the wrong choice as having been made. AV filtering is not the only situation where a DSN exploit is used, and there is no way to be sure about a choice of discarding the DSN. Discarding DSNs _will_ degrade the integrity of email delivery. As the recipient of the DSN is _always_ the best judge whether the DSN was sent to a forged return-path, why not take advantage of that superior knowledge? Automate the process so the DSN recipient is able to immediately reject _all_ invalid DSNs. Overall, email transactions will be faster, and DSN exploits will soon disappear.
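As an added illustration (not part of the original post, which names no specific mechanism), one way a DSN recipient can automate this decision is to put a keyed, expiring tag in the return-path of its own outbound mail and refuse null-sender mail addressed to anything without a valid tag. The `prvs=` layout below is a simplified form in the style of BATV; the function names, demo key and 7-day lifetime are assumptions.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real deployment loads a protected secret.
SECRET = b"constructed-demo-key"
TAG_LIFETIME_DAYS = 7  # assumed window in which a bounce is still expected


def _mac(day: int, address: str) -> str:
    """Truncated HMAC over the expiry day and the lower-cased original address."""
    msg = f"{day:03d}{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]


def sign_return_path(address: str, today: int) -> str:
    """Tag the envelope sender of outbound mail: prvs=<expiry><mac>=<address>."""
    expiry = (today + TAG_LIFETIME_DAYS) % 1000
    return f"prvs={expiry:03d}{_mac(expiry, address)}={address}"


def accept_dsn(mail_from: str, rcpt_to: str, today: int) -> bool:
    """Decide at RCPT TO whether to accept this recipient.

    Only mail with the null reverse-path (""), which DSNs use, is tag-checked.
    """
    if mail_from != "":
        return True  # ordinary mail, not a DSN: other policy applies
    if not rcpt_to.startswith("prvs="):
        return False  # DSN for an address we never used as a return-path
    try:
        tag, address = rcpt_to[5:].split("=", 1)
        expiry = int(tag[:3])
    except ValueError:
        return False  # malformed tag
    # Day numbers wrap at 1000, so measure remaining lifetime modulo 1000.
    if (expiry - today) % 1000 > TAG_LIFETIME_DAYS:
        return False  # expired, or dated implausibly far ahead
    return hmac.compare_digest(tag[3:].encode(), _mac(expiry, address).encode())
```

A DSN generated for a message with a forged return-path arrives at the untagged address and is refused during the SMTP transaction, while a DSN for mail the domain really sent still gets through.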