From owner-nanog@merit.edu Fri Dec 9 17:10:00 2005 Cc: "Steven J. Sobol" <sjsobol@JustThe.net>, "Geo." <geoincidents@nls.net>, nanog@merit.edu From: Douglas Otis <dotis@mail-abuse.org> Subject: Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus ) Date: Fri, 9 Dec 2005 15:08:49 -0800 To: Todd Vierling <tv@duh.org>
On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote:
None of these are my problem. I am a non-involved third party to the malware detection software, so I should not be a party to its outgoing spew.
I have not requested the virus "warnings" (unsolicited), they are being sent via an automated trigger (bulk, by extension of the viruses also being bulk), and they are e-mail -- UBE by definition. Whether they are also formatted as DSNs or delivered like DSNs doesn't take away their UBE status.
This is a third-party acting in good faith,
"In good faith" is _HIGHLY_ debatable. "On blind faith" (that the sender address infor is accurate) is much closer to an accurate description. The aforementioned third parties, being experienced professionals, and even 'experts', in the field *SHOULD* KNOW BETTER than to act in that matter. How can they claim to be experts in the field and _NOT_ be aware of the _probability_ (not just the "possibility) of the sender address being spoofed? AND, *as*experts* in that area, it is incumbant on _them_ to 'act responsibily' on behalf of their clients/customers who are "not so knowledgable" about such matters.
How would the third-party acting in good faith know who really sent the message?