North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: SMTP store and forward requires DSN for integrity (was Re:Cluelessanti-virus )
- From: JP Velders
- Date: Sat Dec 10 09:42:15 2005
> Date: Fri, 9 Dec 2005 15:08:49 -0800
> From: Douglas Otis <firstname.lastname@example.org>
> Subject: Re: SMTP store and forward requires DSN for integrity
> On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote:
> > [ ... ]
> > I have not requested the virus "warnings" (unsolicited), they are being sent
> > via an automated trigger (bulk, by extension of the viruses also being
> > bulk), and they are e-mail -- UBE by definition. Whether they are also
> > formatted as DSNs or delivered like DSNs doesn't take away their UBE status.
> This is a third-party acting in good faith,
It's amazing Mike, can you pass me that crack-pipe !
*any* anti-virus vendor has not only signatures of a specific virus
but also a good understanding of what the virus does and how it
spreads. If the vendor doesn't, well, they'd better retire from the AV
business, because as a vendor they should be able to tell me that.
(you know, me customer, you vendor, I give money for features I want)
If you want to send DSN's telling people they send out a virus, do so
only for viruses which are known *not* to forge or even better, which
don't have any SMTP engines of their own. Well, how many of those
still wander round ? And how many of those can be found by *outbound*
scanning on mailservers at the originating party ?
> [ ... ]
> Where do you draw the line, as AV filtering is not the only source of a
> spoofed DSN problem?
Right now dumb AV filtering is akin to a Smurf amplifier. Essentially
the AV vendors are DDoS'ing each and every mailserver out there.
Great, now a little question, why not inform the recipient of the
mails that the AV solution stopped another virus heading their way ?
Would be great advertising, see Mr CIO, you have 500 new mails in the
last hour, 490 are about how our mailserver stopped all them viruses !
Last month alone, my Spam folder (at work) counted over 80% AV mails.
Guess how large that folder has become because of that ? I've jumped
from around 1GB normally up to almost 3GB. That jump can be attributed
to AV filters everywhere. You'd almost think the AV vendors have a
rather large stock in bandwith and storage providers.
> [ ... ]
> In this case however, it is in keeping with a general expectation that a DSNs
> will be sent when a message can not be delivered. If this party wanted to
> save costs, they would toss the DSN.
Save costs ?
Sure I wanna save costs.
And mind you the most expense isn't in the storage for e-mail for my
end users, it's in the cost of me making sure we don't get blacklisted
by every other selfrespecting mailserver in the world. Hence we drop
virus mails, we log them, and the *recipients* can get a mail telling
them a virus was stopped. However we put that into a seperate IMAP
folder and not in the INBOX. There's no need to Spam both sender and
recipient. The recipient on our end can check to see if a message
towards them was stopped if they were expecting something.
Now viruses aren't the only scourge, I know, but the AV vendors are
hard underway to destroy e-mail as a communications tool, where
previously this was the doing of Spammers. I don't think any AV vendor
would consider themselves more "evil" then Spammers, Phishers or
scriptkiddies, but they will be if they don't act more responsibly.