North American Network Operators Group
Re: Clueless anti-virus products/vendors (was Re: Sober)
- From: Douglas Otis
- Date: Thu Dec 08 13:09:36 2005
On Dec 8, 2005, at 2:18 AM, Michael.Dillon@btradianz.com wrote:

> It seems reasonable to design a mail system so that notifications
> are sent back to the originator of the message when there is a
> problem somewhere along the delivery chain.

Agreed. The alternative would be more like instant messaging.

> It seems very UNreasonable to send notifications to random
> destinations that have nothing to do with originating the message
> in question.

It is also unreasonable to assume the return-path can always be
associated with the sending MTA.

> The crux of the matter is that if you don't KNOW the true source of
> the message, then you cannot return a DSN. You can go through the
> motions, but then you are originating SPAM (UBE), not returning DSNs.

When accepting messages from anonymous sources, seldom does one know
the source.

> Should you be accepting any mail at all from SMTP servers that you
> do not know and trust because of prior contact, i.e. negotiating an
> email peering agreement?

Making email a closed system would dramatically change who can send
messages and how email would work. The safest place to decide
whether a DSN is legitimate is by the MTA located by the
return-path. Use of BATV allows the return-path MTA to immediately
refuse DSNs determined to be illegitimate. Immediately, the back-scatter
problem would be substantially resolved and no RFC needs to be
changed, and the integrity of email delivery would not suffer. This
would also close the "back-door" used to evade black-hole lists.

-Doug
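
Added example, not part of the original message and not taken from any BATV implementation: a minimal Python sketch of the check the reply describes, in which the return-path MTA refuses null-sender mail (DSNs) addressed to anything other than a return-path it signed itself. The tag layout is modelled on the prvs scheme from the BATV Internet-Draft; the key, the seven-day lifetime and the function names are assumptions of this example.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # constructed; a real site keeps its key private
KEY_ID = 0                         # one-digit key number, allows key rotation
LIFETIME_DAYS = 7                  # assumed validity window for a tag
TAGGED = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-fA-F]{6})=(.+)@([^@]+)")


def _sig(key_id, day, addr):
    """6 hex chars (3 bytes) of HMAC-SHA1 over key number, day and address."""
    msg = f"{key_id}{day:03d}{addr}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]


def sign(addr, today):
    """Tag the return-path of outgoing mail; `today` is days since the epoch."""
    local, domain = addr.rsplit("@", 1)
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={KEY_ID}{expiry:03d}{_sig(KEY_ID, expiry, addr)}={local}@{domain}"


def check_rcpt(mail_from, rcpt_to, today):
    """SMTP reply the return-path MTA gives to one RCPT TO."""
    if mail_from != "":
        return "250 ok"  # not a DSN: only null-sender mail is checked here
    m = TAGGED.fullmatch(rcpt_to)
    if m is None:
        return "550 DSN for an address never used as a return-path"
    key_id, day, sig, local, domain = m.groups()
    expected = _sig(key_id, int(day), f"{local}@{domain}")
    if not hmac.compare_digest(sig.lower().encode(), expected.encode()):
        return "550 DSN with a forged tag"
    # Day numbers wrap modulo 1000, so measure the distance to expiry.
    if (int(day) - today) % 1000 > LIFETIME_DAYS:
        return "550 DSN with an expired tag"
    return "250 ok"
```

Because the rejection happens at RCPT TO, back-scatter generated from a forged, untagged return-path is refused before any message data is transferred.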