Date: Fri, 9 Dec 2005 15:08:49 -0800
From: Douglas Otis <dotis@mail-abuse.org>
Subject: Re: SMTP store and forward requires DSN for integrity

On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote:
[ ... ] I have not requested the virus "warnings" (unsolicited), they are being sent via an automated trigger (bulk, by extension of the viruses also being bulk), and they are e-mail -- UBE by definition. Whether they are also formatted as DSNs or delivered like DSNs doesn't take away their UBE status.
This is a third-party acting in good faith,
It's amazing Mike, can you pass me that crack-pipe! *any* anti-virus vendor has not only signatures of a specific virus but also a good understanding of what the virus does and how it spreads. If the vendor doesn't, well, they'd better retire from the AV business, because as a vendor they should be able to tell me that. (you know, me customer, you vendor, I give money for features I want) If you want to send DSNs telling people they send out a virus, do so only for viruses which are known *not* to forge or even better, which don't have any SMTP engines of their own. Well, how many of those still wander round? And how many of those can be found by *outbound* scanning on mailservers at the originating party?
[ ... ] Where do you draw the line, as AV filtering is not the only source of a spoofed DSN problem?
Right now dumb AV filtering is akin to a Smurf amplifier. Essentially the AV vendors are DDoS'ing each and every mailserver out there. Great, now a little question, why not inform the recipient of the mails that the AV solution stopped another virus heading their way? Would be great advertising, see Mr CIO, you have 500 new mails in the last hour, 490 are about how our mailserver stopped all them viruses! Last month alone, my Spam folder (at work) counted over 80% AV mails. Guess how large that folder has become because of that? I've jumped from around 1GB normally up to almost 3GB. That jump can be attributed to AV filters everywhere. You'd almost think the AV vendors have a rather large stock in bandwidth and storage providers.
[ ... ] In this case however, it is in keeping with a general expectation that a DSN will be sent when a message can not be delivered. If this party wanted to save costs, they would toss the DSN.
Save costs? Sure I wanna save costs. And mind you the most expense isn't in the storage for e-mail for my end users, it's in the cost of me making sure we don't get blacklisted by every other self-respecting mailserver in the world. Hence we drop virus mails, we log them, and the *recipients* can get a mail telling them a virus was stopped. However we put that into a separate IMAP folder and not in the INBOX. There's no need to Spam both sender and recipient. The recipient on our end can check to see if a message towards them was stopped if they were expecting something. Now viruses aren't the only scourge, I know, but the AV vendors are hard underway to destroy e-mail as a communications tool, where previously this was the doing of Spammers. I don't think any AV vendor would consider themselves more "evil" than Spammers, Phishers or scriptkiddies, but they will be if they don't act more responsibly.

Regards,
JP Velders