----- Original Message -----
From: "Micheal Patterson" <micheal@tsgincorporated.com>
To: "Douglas Otis" <dotis@mail-abuse.org>; "Todd Vierling" <tv@duh.org>
Cc: "Steven J. Sobol" <sjsobol@JustThe.net>; "Geo." <geoincidents@nls.net>; <nanog@merit.edu>
Sent: Friday, December 09, 2005 4:01 PM
Subject: Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

----- Original Message -----
From: "Douglas Otis" <dotis@mail-abuse.org>
To: "Todd Vierling" <tv@duh.org>
Cc: "Steven J. Sobol" <sjsobol@JustThe.net>; "Geo." <geoincidents@nls.net>; <nanog@merit.edu>
Sent: Friday, December 09, 2005 1:58 PM
Subject: Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

On Dec 9, 2005, at 10:15 AM, Todd Vierling wrote:
1. Virus "warnings" to forged addresses are UBE, by definition.
This definition would be making at least two of the following assumptions:
1) Malware detection has a 0% false positive.
2) Lack of DSN for email falsely detected containing malware is okay.
3) Purported malware should be assumed to use a forged return-path.
4) The return-path can be validated prior to accepting a message.
5) SMTP should appear to be point-to-point.
6) MTAs with AV filters are the only problem.

Case in point, Doug. Current versions of Sober.U are sending mail from: ?@c-24-19-xx-xx.hsd1.wa.comcast.net (xx's to hide the actual host). I have a slew of these in my detected malware folder. I suppose that you'd prefer, by your reasoning, that I be sending DSNs to these addresses, knowing full well that they won't make it and will just clutter up Comcast's SMTP gateway with DSNs. I'm sure that they'd like that very much.
Mike P.
And before anyone points out that the MX for Comcast would not see that message, I know that on this particular host, they would not. I also realize that the DSN would sit in my outbound queue until it was purged after 5 days due to non-delivery. The point remains the same for this example as if it were addresses from hostmaster?@comcast.net or ?@comcast.net. The originator is forged and the DSN is unable to get to the originating sender.

Mike P.